Antivirus software can generally detect most Trojan programs on their way into your system, but it may not be able to detect or remove one that is already running. You can use a tool like The Cleaner to detect and remove Trojan programs from your computer. Make sure you use a current version so that its database is as up to date as possible.
I would also perform a scan using a spyware detection program such as Ad Aware 6.0 or Spybot Search & Destroy (see Free Spyware Removal and Blocking Software). Many freeware applications and other programs downloaded from the Internet may contain components like these, which monitor your actions and secretly report them back to an outside server via the Internet.
If you discovered any errant user accounts or permissions, you will want to remove those. Delete any users that you are sure should not exist on your system, and set the permissions and group membership for each of the remaining users to what you believe they should be.
If your evidence gathering with the Task Manager turned up other programs or processes that still have not been eradicated, you can remove them manually. I would recommend that you start by renaming the program file or simply moving it to another location, in case it really is needed by your system and just looks weird to you. For processes, you can disable the ability for the process to start. These interim steps give you an opportunity to run your system and make sure these files aren't necessary. If it turns out they aren't necessary, you can go back and permanently remove them later.
After all of this is completed and you have rebooted the computer, you should run netstat again to determine what ports are open on your computer and close the unnecessary ones. To get an idea of which ports are commonly used for what, you can refer to this list: TCP / UDP Ports. Or, to see specifically which ports are used by known Trojans, you can look here: Trojan List Sorted on Port.
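One way to carry out the netstat review described above, as an added example that is not part of the original article: it parses the output of `netstat -ano` and lists the listening ports that are not on a list you expect. The sample output, the expected-port list and the function names are constructed for illustration.

```python
# Constructed sample of Windows `netstat -ano` output; not taken from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8899           0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     3020
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1044
  UDP    0.0.0.0:6000           *:*                                    2212
"""

# Assumption: the ports this machine is supposed to expose. Adjust per host.
EXPECTED = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 123)}


def parse_listeners(text):
    """Return sorted (proto, port, pid) for TCP LISTENING and bound UDP sockets."""
    found = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = parts[0], parts[1]
        # UDP rows have no State column; TCP rows must be LISTENING.
        if proto == "TCP" and parts[3] != "LISTENING":
            continue
        port = int(local.rsplit(":", 1)[1])  # rsplit also handles [::]:445
        found.add((proto, port, int(parts[-1])))  # set merges IPv4/IPv6 duplicates
    return sorted(found)


def unexpected(listeners, expected=EXPECTED):
    """Listeners whose (proto, port) pair is not on the expected list."""
    return [entry for entry in listeners if (entry[0], entry[1]) not in expected]


if __name__ == "__main__":
    for proto, port, pid in unexpected(parse_listeners(SAMPLE)):
        print(f"review: {proto} port {port} is open, held by PID {pid}")
```

On the machine being cleaned, pass the real `netstat -ano` output in place of SAMPLE and match each reported PID against the PID column in Task Manager to find the program holding the port.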
If you do have a backup of your system data, but do not want to completely rebuild your system from scratch, you can still restore your system data at this time. However, depending on how frequently you back up your data and how long the hacker has been in your system, the data on your backup may be corrupted as well. Make sure that any files you restore are also scanned for viruses and Trojans.
Now you are ready to move on to phase 6: take lessons from the incident and apply them to secure your system for the future. The primary lesson would be to secure your system better in the first place. The secondary lesson is to set up some monitoring that can alert you when an intrusion occurs, or at least give you some log information to refer back to once you detect an intrusion.
If you were not already running antivirus software, you should install some immediately. You can look at the Free Antivirus & Virus Removal Software on this site or purchase a commercial product such as McAfee Virus Scan or Norton Antivirus.
Keeping the antivirus software updated is as important as installing it in the first place. New malicious code threats are discovered just about every day. If you don't update your antivirus software weekly, you will be exposed to any new threats that have come out since you last updated.
