Only if you have MikroTik’s special NPK that allows you to view the file system raw.
Otherwise, you should check for additional users, a change in your incoming radius settings, new scripts and schedules, and additional PPTP secrets and interfaces – that’s what showed up on mine when I got hit. The log showed someone logging in via the API and adding a bunch of these items in rapid fire mode, like a script kiddie. They also tried FTP and a couple files from China, but I don’t believe those were successful in doing anything. The company’s party line is that if you load 6.42.1 or better, it will seek out and destroy any unauthorized additions to the file system. > On Jun 18, 2018, at 1:52 PM, Scott Reed via Mikrotik-users > <mikrotik-users@wispa.org> wrote: > > While we are getting everything on a network upgraded to avert the > infection threat on RouterOS, is there anything we can see to know that > the device is infected? > > -- > Scott Reed > SBRConsulting, LLC > Network and Wireless Consulting > WISPA Vendor Member > IN UMC Associate Lay Leader > SLI Coach Trained > > > --- > This email has been checked for viruses by AVG. > https://www.avg.com > > _______________________________________________ > Mikrotik-users mailing list > Mikrotik-users@wispa.org > http://lists.wispa.org/mailman/listinfo/mikrotik-users _______________________________________________ Mikrotik-users mailing list Mikrotik-users@wispa.org http://lists.wispa.org/mailman/listinfo/mikrotik-users