I'm new to the forum. I have been using Mikrotik for several years, in Argentina.
Recently some of these routers were infected with the Coinhive and Socks-Proxy viruses... (Winbox port open freely to the internet... yeah!)
We have recovered some of them and applied the recommended security measures (upgrade to the latest version, change passwords, and close the Winbox and other ports).
Currently we have a problem with one RB751U-2HND. I can remove the scripts from the MK. Apparently it is 100% clear.
- I cannot upgrade (or downgrade) the firmware. Currently it is 6.37.3; however, I have tested with "/system routerboard settings set force-backup-booter=no"
- I cannot get this unit to enter Netinstall (I changed the boot device to "try-ethernet-once-then-nand", but the unit cannot connect to Netinstall; it boots normally).
- In one instance where I used the reset button, I captured this TFTP request (using Wireshark from the PC connected directly to the Mikrotik)
Update: The image (in case it is not loading) says "TFTP 70 Read Request, File: vmlinux, Transfer type: octet, blksize=512"
Thanks in advance.
Sorry for my English.