Ok, for starters lets clear up a few things...
disconnect your computer from the internet/get a new IP address maybe?
Most Trojans have IP notification, meaning every time you dial up, a notification message (either ICQ/CGI/PHP/E-mail) is sent out to the trojan user displaying your IP address.
From what I've read, some infected users with these backdoors or subseven scan others without even knowing it. Thats part of the trojan's job is to spread itself. Even though this person may not be doing it intentionally, you should still report his IP with the Firewall logs to his ISP.
That is false, Trojan's do
NOT spread. Infected user's are at risk by other "trojanner's" especially if there IP is listed at a Public "victim" list that some trojan site's set-up for the public.
Sounds Like a subseven to Me... If It Was A Real Hacker not a POSER then you wouldn't even know they were there anyway.. Firewalls do not stop hackers just slow them down... (Bout 30seconds)
Subseven is not a seperate program, Subseven is just a mere popular trojan as it still has the highest infectious rate of all trojans, it usually connects to port 27374. Also, I hate to burst your bubble, but even professional "hackers" use trojans to compromise system security, once they have access they upload and execute a trojan server to easily maintain the "victim".
How can you prevent all this?? You already have! Your firewall is doing your job, don't accept any files from any untrusted source, as you could be given an AV/FW killer which is especially designed to kill Anti-Virus and Firewall programs and still make the user beleive that there AV/FW is running. If it was me, I'd do a whois on the IP as suggested before and report it to the ISP.