Recently, when I was starting up my computer I found a strange user account that I hadn't created named "Remote Desktop Assistance Account". It is password protected, and whenever I remove it from the Control Panel I find it re-created the next time I start-up. Does this mean that someone is gaining access to my computer? How can I fix this problem? I am using Eset Smart Security with the latest virus and spyware definitions, I tried online scanning with Live OneCare. I also tried scanning with Windows Defender. Can you please help me?Thanks,Sam.2 people need an answerI do too

Hello Sam;I have had this same problem since January 27th. The only difference is that name is different. In Documents and Settings I found a new user file called "HelpAssistant" and a Firewall Services port that is created and checked off to allow someone to access my computer using Remote Desktop. Microsoft has not been responding to my inquiries about it being legitimate. I still have not been able to figure out which program generates additional Services ports on the Firewall exceptions list, but it is suspect. I was using "Computer Management" to disable this user account. I was using Computer Properties to clear the Remote Desktop check mark in the remote tab. I deleted the HelpAssistant file because it was too large and it copied all of my personal files from folders that were configured as private. I tested this in "safe mode" by logging in as the Administrator and I discovered that the files which are configured as private in my folder cannot be accessed. The copies of these files in the HelpAssistant folder cannot be made private and can be freely accessed by any user. I finally identified the port this program was using as TCP 3246 (DVT System Port). Each time I restart the computer, the Windows Firewall exceptions lists it with a check mark. I have been unplugging from the internet before restarting so that when the computer is restarted, I can go into the firewall and uncheck the box before I reconnect to the internet. This program is always trying different ways to get in by creating Various "Unassigned" ports for Services and periodically alternating between them. So far, there have been five additional Services Ports added to the Windows Firewall exceptions list in an attempt to get into my system. If you do not disable the Services ports that are created or checked off on the exceptions list, it will reactivate remote desktop and reenable its account and begin the process of reloading it user account file along with all of your private information. It was suggested to me recently that using WinPatrol to monitor my files and settings along with restoring firewall to default settings. I don't think it will work because each time the computer is restarted, this program will still be there to recreate all of these alternating ports to get direct access using "remote desktop". So far, there are no free solutions to this problem and I cannot afford to fix it if it; requires hiring a technician to fix it; requires reloading my operating system onto a new hard drive; or buying a lot of expensive software to find the problem. Hopefully, there is a person on line who is knowlegible enough to provide a simple solution to this problem for our benefit. As far as I'm concerned, my computer has been hacked by someone clever enough to do it without a recognizable virus, spyware, root kit, or someother clever device. I've used every up-to-date and installed free malware scanner that I can find and nothing has been detected. I need an answer to this problem, too.

Hello Sam; To update you on my situation; it has been confirmed that I have what it called a boot sector virus called Troj/Mbroot-H. This Trojan was apparently installed by a rootkit called Mal/Sinowa-?. It is directly responsible for installing Firewall Services Exceptions ports during computer restart, logging on with its user account through remote desktop, and downloading its unsecured user account file. In my situation, I have a custom boot partition and rewriting the MBR may cause me to lose access to my current operating system. This requires me to save what I can and start over from scratch with installation of everything. If you are not an technical level user, I recommend that you take your computer to a fully qualified professional computer technician for diagnostics and repair. Best Regards Spacejunkie1