Using netstat you can list the PID or process which is controlling the connection and then go remove the executable. You could also check the registry, or msconfig (startup items), services.msc, etc.

2b) And how can the malicious (?) file be detached from the system file and removed?

The biggest problem would be identifying the vulnerability which was exploited to gain access to/control over the box. However, in general, missing OS updates are usually the culprit.
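
The triage described above (connection to PID to executable, then services and startup items), as an added PowerShell example that is not part of the original post. It assumes Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` is available, and an elevated prompt; the substring match against startup commands is an approximation.

```powershell
# Added example: map established TCP connections to the owning executable and
# show whether that executable is tied to a service or a startup item.

# Persistence locations named in the post: services and startup items.
$services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }
$startup  = Get-CimInstance Win32_StartupCommand

Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $conn = $_
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($conn.OwningProcess)"
        $path = $proc.ExecutablePath   # empty for System/protected processes

        # Signature status of the binary; unsigned is a lead, not a verdict.
        $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status }
               else       { 'PathUnavailable' }

        # Services hosted in this PID (svchost.exe can host several).
        $svc = ($services |
            Where-Object { $_.ProcessId -eq $conn.OwningProcess }).Name -join ','

        # Startup entries (Run keys, Startup folder) whose command line
        # contains the binary's path, compared case-insensitively.
        $run = if ($path) {
            ($startup | Where-Object {
                $_.Command -and
                $_.Command.IndexOf($path, [StringComparison]::OrdinalIgnoreCase) -ge 0
            }).Location -join ','
        }

        [pscustomobject]@{
            Remote    = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
            PID       = $conn.OwningProcess
            Process   = $proc.Name
            Path      = $path
            Signature = $sig
            Services  = $svc
            Startup   = $run
        }
    } |
    Sort-Object PID, Remote |
    Format-Table -AutoSize -Wrap
```

Rows with an unexpected path, a non-`Valid` signature, or a startup entry you did not create are the ones to examine before removing anything.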