Why did you leave SSH open?

You now have device issues, but RouterOS is not involved.

You also have IT dept issues.
Who was responsible for this disaster?
They need training badly.

You should remove the router, netinstall a fresh version of software you wish to use, and then put a config back on, which is better constructed from a function AND security perspective.

You should also consider after ensuring all computers are clean is instill some software that helps block traffic to bad sites so that malware phoning home is blocked.

Two options.........
https://itexpertoncall.com/promotional/moab.html ( I like that this site also promotes the use of mailwasher if you dont already have some sort of mail protections )

The other
https://axiomcyber.com/shield/

I'm thinking to load a load configuration file is it going to be helpful and deletes the traces that he did to us , or do I need a fresh install for everything and after that load the configuration?

Hire someone that knows what he's(she's) dealing with.

I'm thinking to load a load configuration file is it going to be helpful and deletes the traces that he did to us , or do I need a fresh install for everything and after that load the configuration?

Generally there are two types of exploits: most of time attacker alters configuration or adds some scripts which then allows them to spread malware further. The other type is such that attacker instalks malicious code into ROS. I've never seen any proof that this kind of attacks happen, however behaviour reported by some users strongly indicate it's possible.
It is possible to recover from first type of exploits by cleaning up configuration or by restoring device from known clean backup (binary backups are next to impossible to verify though). But it does take some expertise to find and eliminate all malicious config (some of it might seem legitimate but it may not be in particular use case). And restoring config from backup would mean device is still vulnerable afterwards. Recovery from second type of attack (malicious code installed in ROS) is only possible by doing netinstall (which formats flash). In both cases I'd suggest to configure device from scratch, but taking a solid default config as base (default config on lower and mid-end devices is decent, high-end devices come without config from factory).

Suggestion by @znevna is a sound one ...

With all these premises, there is little to say, a generic forum, on anything, cannot help.
You MUST hire someone who can work on all of these things, not just the MikroTik related part.
Installing something on an INFECTED computer is absolutely useless (obviously it depends).
Chat without facts, it doesn't do any good.
If who you should hire should do your job, well, there is little to add...

about screenshot: here too...

There is little to add, the router could be screwed, must be netinstall-ed for sure to be safe.

Whenever I see a bunch of .scr files called Photo etc, the first assumption is that FTP access was gained. So check your passwords etc

Can we see the config of the router?

Bruh, you're bad at your job, go flip burgers or something.
You don't leave a router and the rest of your network like that for DAYS.

You gave us the details, if you had read my post on Oct 5, 1:07pm

I told you to netinstall the device as it has been compromised.
Clearly as of 11 Oct that has still not been done.

Znevna is quite correct, and believe me I hate saying that.! Hire someone who actually cares about the network let alone has the technical and security training to do the job.
You clearly dont care about the users or the network and the assistance we have been providing is falling on deaf and arrogant ears...........
I am going to help others that actually listen.

In networking you don't treat the symptoms (some config change) but instead it is preferrable to find the cause and eliminate it (why someone managed to change a setting without permission from your network admin).
In your case it was poor device security measures (if any).
Eliminating the problem means sending your network administrator to flip burgers or to take some classes on how to flip burgers, first.
Take it with all the salt needed.