OK, maybe I can say it in some other way.
1) Upgrade to 6.38.5 fixes the botnet scanner and removes it.
2) Upgrade to 6.41.3 fixes SMB vulnerability.
This topic is about #1, but you don't seem to have this issue at all, you have some other files in your system.
Let me tell you how I see it from the customer perspective.
Imagine that something (like mail notification) or someone (a colleague of mine) told me about "Urgent security advisory" that Mikrotik have published on their website/forum.
And for some reason, I have a version that is lower than v6.38.5 on my device. After reading your first post in this thread I am installing "v6.38.5" and this lets me think that I am safe.
But I am not. Because you did not mention that there was an even worse vulnerability (SMB or some other) that was discovered later and I have to install 6.41.3 to fix this latter issue as well.
Seems that that was exactly our case. We did install 6.40.5 when we discovered that our mikrotiks made ssh connections to our internal network and also there were established connections from mikrotiks to some other machines on the internet (maybe it was a tunnel through mikrotik, I don't know).
You are not publishing details about discovered vulnerabilities, even a brief description, and what your customers told you and what your support engineers discovered during their investigations of vulnerable devices.
You are just telling us - upgrade to some version and you are safe.
For me, it seems that your very first fix was not complete and did not fully fix the issue.
That's why we could see malicious processes even when we upgraded to 6.40.5.
And you solved this issue only when you released a subsequent fix (in the next version of firmware).
Since you have shell access, I can't say how you got those files in your system.
This sounds funny: you blame me for everything just because I have this "shell access" on my device.