1 This has nothing to do with BackTrack Linux.
2. Turn off RDP and the problem will be solved.
3. We can only assume that this "attacker" is trying to gain access to your "terminal sessions" based on what you have told us, which is very little.
4. How do you know you are a victim? Did you suffer any losses?
5. How do you know what the "attacker" is using for a "list of user names"?
6. How do you figure that your "user names are not ones" to be found in a "user list"?
7. How are we expected to "share ideas" considering there is really no question here?