Question:
What is windows powershell used for?
Adam
2013-09-20 01:55:51 UTC
My little brother, 16, was home alone last night when he got a call from the Microsoft scammer. He's very gullible and thought there was a real problem with my laptop. He gave the man access to my laptop with showmypc. Today I have been going insane making sure there are no programs, files, viruses, malware, whatever hidden. Cancelled my cards and changed all passwords, but I'm paranoid still.
Anyways I just went to accessories under the start menu and see windows powershell and I don't think that was there before. Does powershell come with windows vista because I didn't download it? If not, it had to be the scammer, what can he do with powershell? How screwed would I be? Please let me know if I'm paranoid and just don't remember it being there before. If it wasn't, what more do I do to protect myself?
Four answers:
James
2013-09-20 02:07:17 UTC
Powershell is indeed included in Windows. I am running Windows 8 and checked under accessories and I could not see it, however if I type powershell into the search box then a powershell command window appears.

Powershell is basically the replacement for the old command prompt. It's been about since Vista although it can still be installed on Windows XP.

I would be very concerned if I were you though, my father was harassed for months by one of these scammers who was trying to get access to his PC. They're obviously not doing it for the fun. As a bare minimum I would make sure I had a proper firewall running, even if it's just a trial, and have it working with very tight restrictions so you can see every bit of traffic going in or out.

TBH if it was mine I would wipe and reinstall that computer. He could have put anything on it. It will not necessarily show in the Add/Remove programs, start menu or anywhere like that.

Hold Windows key and press 'R' and type msconfig. Go to the startup tab and look through the list. This is all of the programs that are set to start when you boot your PC. Anything suspicious, then disable it. Next, have a look through scheduled tasks for anything that looks dodgy. If you are unsure about an item, then ask on here.

I'd still wipe it though.
hinchey
2016-10-22 02:08:55 UTC
Windows Powershell Virus
M
2013-09-20 15:35:11 UTC
I agree with James that the best thing to do would be to wipe and reinstall the operating system on your computer. Hopefully your system came with a recovery partition so this process will be relatively hassle-free. You'll just have to be sure that all your files have been backed up beforehand because reinstalling the OS will take it back to the state at which you bought it. You'll have to reconfigure your user accounts and reinstall all your Windows Updates. If you don't have a recovery partition you'll have to contact your manufacturer for a Windows Vista CD. Microsoft doesn't make Vista downloads available anymore.

If you don't want to reinstall your operating system, then I would be very leery of a RAT (Remote Access Trojan). I have had one of these before, and they can be very nasty and undetectable because they can turn off antivirus software. They can not only steal your passwords and credit card and banking information, but can enable the remote user to have access to your computer for their own purposes--sending out spam, pornography, etc.

I would at the very least disable remote services on your system, whether or not you reinstall your OS. Go to Start/Computer/System Properties and select Remote Settings. You'll be asked to provide the Administrator password. Go to the Remote tab and uncheck "Allow Remote Assistance Connections to this Computer." Below that, in Remote Desktop, select "Don't Allow Connections to this computer."

*Log in under your Administrator Account.* Now go to Start and type Services into the Search box. This brings up the Services dialog box. There are three services you want to disable: Remote Desktop Configuration, Remote Desktop Services, and Remote Registry. Look to see if these services have been started. (probably so) To disable them, right-click and select Properties. Choose Stop if the service has been started. Now under Startup Type choose Disabled. Click Allow and Ok. Now Remote services on your PC have been disabled.

This also means that you won't be able to connect to a friend's PC to have him help you should you need help with something, so you'd have to re-enable these services should you need over-the-network help from a friend in future.

The article below talks about RATs and how to detect them using the command line interpreter and the command netstat -ano. Very useful for seeing what's exfiltrating from your firewall. Pair it up with the task manager (CTL-ALT-DEL) to match up ports and Google port numbers to see which processes are using them.
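
A read-only PowerShell triage script that runs the checks James and M describe by hand (the three remote-access services and the Remote tab settings, the Run keys behind msconfig's Startup tab, non-Microsoft scheduled tasks, and netstat -ano matched to process names). It is an added example, not code from the thread; it assumes an elevated Windows PowerShell 2.0 or later session on the affected machine, and the service short names and registry paths used are the standard ones for Vista/7.

```powershell
# Added triage script, not from the thread. Assumes an elevated Windows
# PowerShell 2.0+ session on the affected Vista/7 machine; every step is
# read-only, so nothing is changed. Service short names and registry paths
# are the standard ones for these Windows versions.

# 1. The three services M says to disable, plus the two Remote tab settings.
'--- Remote-access services ---'
foreach ($name in 'SessionEnv', 'TermService', 'RemoteRegistry') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) {
        $mode = (Get-WmiObject Win32_Service -Filter "Name='$name'").StartMode
        '{0,-32} {1,-8} startup={2}' -f $svc.DisplayName, $svc.Status, $mode
    }
}
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
'Remote Desktop denied : ' + (Get-ItemProperty $ts).fDenyTSConnections  # 1 = refused
'Remote Assistance on  : ' + (Get-ItemProperty $ra).fAllowToGetHelp     # 0 = unchecked

# 2. Run keys: the entries msconfig's Startup tab is built from.
'--- Run keys ---'
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { '{0}  {1} = {2}' -f $key, $_.Name, $_.Value }
    }
}

# 3. Scheduled tasks outside the Microsoft folder (schtasks repeats its CSV
#    header for each folder, so those header rows are filtered out).
'--- Non-Microsoft scheduled tasks ---'
schtasks /query /fo CSV | ConvertFrom-Csv |
    Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' -and
                   $_.TaskName -notlike '\Microsoft\*' } |
    ForEach-Object { '{0}  status={1}' -f $_.TaskName, $_.Status }

# 4. netstat -ano with each PID resolved to its process name, the pairing M
#    suggests doing manually against Task Manager.
'--- Established TCP connections ---'
netstat -ano | Select-String '^\s*TCP\s.*ESTABLISHED' | ForEach-Object {
    $f = $_.Line.Trim() -split '\s+'          # TCP, local, remote, state, PID
    $proc = Get-Process -Id ([int]$f[4]) -ErrorAction SilentlyContinue
    '{0,-22} -> {1,-22} pid={2,-6} {3}' -f $f[1], $f[2], $f[4], $proc.ProcessName
}
```

Any remote address you do not recognise, owned by a process you cannot account for, is what to look up before deciding whether the wipe James and M recommend can wait.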


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.