You need to check the permissions against the defined logins in the 'Security' tab in SQL Server Enterprise Manager - you can disallow access to specific databases from there. The public role is defined for each database and you just need to make sure that that user is not defined.

the other thing to check is that this user is not being authenticated by NT via ODBC or whatever.

Cheers,

P.