Win.MSSQL.worm.Helkern! attacks six times a day. Googled the IP address, it was Windows tech support! Ju

rustyfangs

New Member
Yes this is true. Earlier that day I was on the phone with WINDOWS TECH SUPPORT about SP3. We had a pretty harsh disagreement about what it did to my computer. At the end I said you can take this SP3 and shove it up Bill Gates' ass. Since then I have been attacked about three to ten times a day! Don't you just love it? Well I don't! Is there an antiworm or antispyware or anti-Windows-tech-support scanner that I can run manually so it will not conflict with Kaspersky IS 7.0? Also, is there anything I can do to make sure that the Windows tech that I let control my comp. didn't create a back door or something like that?
 

SukhjitSh4x0r

New Member
Windows tech wouldn't do it. What you have is just some idiot who got your IP address and found an open port and then used it to send the backdoor. I have actually scanned my computer for open ports and what not, but it is complicated so don't try it. This is what you should do:

You can't stop hackers because they are very tricky guys. I dealt with them and have a couple friends who do that dumb stuff. But if you keep trying you can stop them.

First download all the following tools:
SmitfraudFix (this is a utility, no need to install)
http://siri.geekstogo.com/SmitfraudFix.exe
VundoFix (this is a utility, no need to install)
http://www.atribune.org/ccount/click.php?id=4
PrevX CSI PC Check (this is an outside malware scanner that doesn't interfere with anti-virus)
http://www.prevx.com/freescan.asp
SUPERantispyware (this is an antispyware)
http://www.superantispyware.com
ComboFix.exe (last option but most effective)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Most of the utilities are used because then the backdoor can't detect them installed on your system.
NEXT get a firewall.
I suggest ZoneAlarm; it is free and it gives you the option of what to do.
At this point you should install SUPERantispyware and update, but do not scan.

Use the firewall and block all internet traffic. This way the hacker loses contact with you and will not be able to do anything.
Now that the internet is stopped, scan with SUPERantispyware and remove all that is detected.
If you have to reboot, do so, but don't forget to block internet traffic.
Then scan with PrevX CSI and get rid of any problems that it detects.

Now to use the utilities
SmitfraudFix
* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually).
* Double-click smitfraudfix.exe.
* Select 2 and hit Enter to delete infected files.
* You will be prompted "Do you want to clean the registry?"; answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): "Replace infected file?"; answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt.

VundoFix
* Double-click VundoFix.exe to run it.
* When VundoFix opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files; click YES.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer; click OK.

Last but not least, ComboFix
* Important Notes
o You MUST save & later run this from your Desktop. Do not run it yet!!!!!!
o If you are running Kaspersky antivirus, it may pop up warnings about combofix.exe and catchme.exe being infected as Heur.Invader. These are false indications. You must tell Kaspersky to Skip or Ignore these and let ComboFix run. McAfee may also interfere with ComboFix.

* Now right-click on the combofix.exe icon on your Desktop and select Rename. Rename it to cf.exe. This may help ComboFix to run where certain malware attempts to block the original file name from running.
* Now click Start, select Run... and copy and paste the below exactly as written into the Run box, then click the OK button:

"%userprofile%\desktop\cf.exe" /killall

* When you do this properly the Run dialog form should look like the image below:

[image: CF_KillAll2.jpg]

* Now ComboFix will begin to run. When it runs it will do the below in order to most effectively perform its job:
o It will terminate some running processes.
o It will set your clock to a 24 hour setting (will be restored to normal when finished running properly).
o It will disconnect your PC from the internet. The connection is automatically restored before ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
o If malware is found, ComboFix will reboot your PC automatically when finished with the scan. When your PC restarts and after you log back in, ComboFix will finish running and create a log. Do not interrupt this process.
* Notes
o Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
o Do not attempt to use the internet or run anything else while it is running, as you will most likely interfere with what it needs to do.
* When finished, it will produce a log (C:\combofix.txt) for you. You will need to attach this log to your next message.
 

jibbarjabar

New Member
Dude, are you running Microsoft SQL Server 2000 as your operating system... didn't think so... so you don't have a thing to worry about.

The Helkern worm (more popularly known as Slammer) attempts to gain access to vulnerable systems through your Port 1434, but your firewall is blocking these attempts, and that is exactly why you have a firewall. Your 'wall is doing its job and doing it well. Give it a cookie!

Even if Helkern / Slammer were to make it past your firewall, your computer could not possibly be infected unless it was running Microsoft SQL Server 2000 for an operating system, which is highly unlikely.

These attacks, which usually originate from China, are so common that they are lumped together with other common web crap under the moniker "internet noise".

Relax, you have nothing to worry about and you are not being specifically singled out. Bill Gates did not create a backdoor just for you. The Slammer worm has been "in the wild" for years.
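As an added example (not code from any poster in this thread), here is a small Python triage script that applies jibbarjabar's reasoning to a log: it parses constructed firewall-style block lines, pulls out inbound UDP/1434 hits (the Slammer/Helkern pattern) and decides whether they are background noise or a real exposure. The log line format, the addresses and the `listening_udp_ports` input are all assumptions for the example.

```python
import re
from collections import Counter
# Constructed sample log in a generic firewall-block shape (not any real product's format):
# date time ACTION DIR PROTO src:port -> dst:port len=N [sig=NAME]
SAMPLE_LOG = """\
2008-06-01 02:14:07 BLOCK IN UDP 203.0.113.45:1040 -> 192.168.1.10:1434 len=376 sig=Helkern
2008-06-01 05:48:22 BLOCK IN UDP 198.51.100.7:2210 -> 192.168.1.10:1434 len=376 sig=Helkern
2008-06-01 09:02:51 BLOCK IN TCP 198.51.100.200:50213 -> 192.168.1.10:445 len=48
2008-06-01 13:30:10 BLOCK IN UDP 203.0.113.45:1040 -> 192.168.1.10:1434 len=376 sig=Helkern
2008-06-01 18:07:44 BLOCK IN UDP 192.0.2.99:3001 -> 192.168.1.10:1434 len=376 sig=Helkern
2008-06-02 01:11:03 BLOCK IN UDP 192.0.2.99:3001 -> 192.168.1.10:1434 len=376 sig=Helkern
2008-06-02 03:55:18 ALLOW OUT TCP 192.168.1.10:1055 -> 198.51.100.9:80 len=60
"""
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) (?P<proto>UDP|TCP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) len=(?P<len>\d+)"
    r"(?: sig=(?P<sig>\S+))?$")
SLAMMER_PORT = 1434  # MS SQL Server 2000 resolution service, the only thing Slammer targets

def parse_log(text):
    """Parse well-formed lines into dicts with integer ports; skip anything else."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["sport"], e["dport"], e["len"] = int(e["sport"]), int(e["dport"]), int(e["len"])
            events.append(e)
    return events

def slammer_probes(events):
    """Inbound UDP to 1434 is the Slammer/Helkern pattern whether or not the log labels it."""
    return [e for e in events if e["dir"] == "IN" and e["proto"] == "UDP" and e["dport"] == SLAMMER_PORT]

def triage(events, listening_udp_ports):
    """Count probes per day and decide whether this host is actually at risk.
    listening_udp_ports: UDP ports with a local service bound (assumed input, e.g. from netstat -an)."""
    probes = slammer_probes(events)
    allowed = [e for e in probes if e["action"] == "ALLOW"]
    listening = SLAMMER_PORT in listening_udp_ports
    if not probes:
        verdict = "no Slammer probes seen"
    elif listening and allowed:
        verdict = "EXPOSED: UDP/1434 listener reachable and probes not blocked"
    elif listening:
        verdict = "listener on UDP/1434 but every probe blocked: keep that firewall rule"
    else:
        verdict = "background noise: nothing listening on UDP/1434, so probes cannot infect"
    return {"probes": len(probes), "per_day": dict(Counter(e["date"] for e in probes)),
            "sources": len({e["src"] for e in probes}), "allowed": len(allowed), "verdict": verdict}
```

On the sample the verdict is "background noise" with five probes from three sources; it only becomes "EXPOSED" if something is bound to UDP/1434 and a probe was allowed through.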
 