Hello,
today we performed the reset via Netinstall on the affected device, but unfortunately this malware appears to affect also the sup-out and even the export utility: neither of both commands complete and never return any result, so we could not retrieve such information.
The device seems to be working properly now: things like export, sup-out, uploading .npk files to the root are working now, and even seems to be working faster.
The reply I got from
support@mikrotik.com is that I should send the sup-out file, but no updates on the issue itself, so I guess that malware it is still out there and could affect us again.
We have improved some security configurations, but other than that we cannot do much more since there isn't much more information available about this issu. Only solution seems to be doing the reset via Netinstall. So, if you hit this and you do not have a backup, good luck!
Heraldo.