There is generally a script or two; sometimes they're scheduled. The API
and API-SSL services might have an IP block set to them. Services you
had disabled might be enabled now. There might be a RADIUS server set up
and in System-Users, on the AAA button, use RADIUS could be checked for
login.
Only if you have MikroTik’s special NPK that allows you to view the file system
raw.
Otherwise, you should check for additional users, a change in your incoming
RADIUS settings, new scripts and schedules, and additional PPTP secrets and
interfaces – that’s what showed up on mine when I got
While we are getting everything on a network upgraded to avert the
infection threat on RouterOS, is there anything we can see to know that
the device is infected?
--
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained
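
The checks suggested in the replies above, gathered into one pass over a saved RouterOS text export. This is an added example, not part of the thread or any MikroTik tool. The `audit_export` function, its `expect_disabled` baseline, and the sample export are constructed for illustration, and the section/`add`/`set` layout it parses is an assumption about what your export looks like.

```python
import re

# Export sections named in the thread; flagging every entry is this example's assumption.
REVIEW = {"/system script": "script", "/system scheduler": "schedule",
          "/radius": "radius server", "/ppp secret": "ppp secret",
          "/interface pptp-server": "pptp interface", "/user": "user"}
def audit_export(text, expect_disabled=("api", "api-ssl")):
    """Return (kind, detail) findings from a RouterOS text export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-wrapped lines
    findings, section, disabled = [], None, set()
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            section = line
        elif section in REVIEW and line.startswith("add "):
            m = re.search(r'(?<!\S)(?:name|address)=("[^"]*"|\S+)', line)
            findings.append((REVIEW[section], m.group(1).strip('"') if m else line))
        elif section == "/user aaa" and "use-radius=yes" in line:
            findings.append(("radius login", "use-radius=yes"))
        elif section == "/ip service" and line.startswith("set "):
            svc = line.split()[1]
            if "disabled=yes" in line:
                disabled.add(svc)
            m = re.search(r"(?<!\S)address=(\S+)", line)
            if m and svc in ("api", "api-ssl"):
                findings.append(("service address", f"{svc} {m.group(1)}"))
    # A service the admin turned off should still show disabled=yes.
    findings += [("service enabled", s) for s in expect_disabled if s not in disabled]
    return findings

# Constructed sample export, not taken from a real device.
SAMPLE = r"""
/ip service
set api address=198.51.100.0/24
set api-ssl disabled=yes
/radius
add address=203.0.113.5 service=login
/user aaa
set use-radius=yes
/system scheduler
add interval=30s name=sched1 \
    on-event=script1
/system script
add name=script1 source="/log info test"
/ppp secret
add name=vpn1 service=pptp
"""
if __name__ == "__main__":
    print(*audit_export(SAMPLE), sep="\n")
```

Every finding is a prompt to compare against what you configured yourself; a router with legitimate scripts, RADIUS or PPTP users will list those too.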