My site is infected

zulubanshee

8:49 pm on May 19, 2009 (gmt 0)

10+ Year Member

I tried downloading the files onto my hard drive to scrub them and the infected files won't open. (Other files seem to open fine.) I get an Access is Denied message depending on what text editor I try to use. I tried opening with notepad++ directly via ftp and it says 'cannot open file'.

The virus/trojan is called 'js/downloader agent'. Anybody have any experience with this?

henry0

9:14 pm on May 19, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Looks like you do not have a backup, too bad, it would be easier to delete and reload it fresh!
You may try to download winftp: if you double-click a file in the right pane it will open it, let you edit it, then ask again for your password and save it.
Further, you tried to chmod the files, didn't you?
(not on a Windows server, and I do not know anything about Windows servers)
What about through SSH?

zulubanshee

10:13 pm on May 19, 2009 (gmt 0)

10+ Year Member

We do not have a backup, no. It's not really my project, so I don't really have control over whether a backup is made. However, getting rid of the trojans is my project.

Why would I not be able to open the infected files? I'm not executing them, just looking at them and editing.

coopster

2:00 pm on May 20, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member

The file has likely been quarantined by your antivirus software or perhaps firewall software. In order to "play" around with it, you have to restore it from quarantine and then turn off your virus protection utilities temporarily. NOTE: THIS IS NOT ADVISED. Unless you really know what you are doing you could disable your operating system and/or compromise your machine. Even if you really know what you are doing this is a possibility!

It sounds as if your situation is likely that you have a compromised server somehow and yes, you now have obfuscated or encoded JavaScript code in one or more of your files. If you have a backup of the file in its pre-compromise state, rename the compromised file on your server and send the last good copy back over. You can rename the extension on the compromised file as well, so that JavaScript will not execute if you accidentally attempted to open the file.

zulubanshee

4:59 pm on May 20, 2009 (gmt 0)

10+ Year Member

Thanks for everyone's help.

SteveWh

12:22 am on May 21, 2009 (gmt 0)

10+ Year Member

When are you getting the Access is Denied message: when you try to download the file to your PC, or from Windows Explorer when you try to open the file?

If the file itself is already on your hard drive, and you get the message in Windows Explorer, then it does sound like your antivirus program might have locked or quarantined it.

But if you are unable to download the file, it might be because the hack changed the file's owner (on the server) to "nobody". On Linux servers, files are owned by the account that created them, which is usually you, your userID on the server. But on some Linux servers, PHP runs as the "nobody" user, and when it writes a file, that file becomes owned by "nobody" which is not the same user as you, so you are denied access to it. Many website hacks are done by PHP scripts, which would result in the modified files being owned by nobody.

I believe the possible solutions are to use Linux commands (by shell or by cron) to change the ownership on those files, and I think you might also be able to write and upload a PHP script that will change ownership of the files. I think the PHP command is "chown", and the Linux command might be the same.

If this is the problem, those are some things to use as search terms. Sorry I can't be more specific, but I've not had to do this myself.

Edit: I'm not completely sure that even PHP or cron will be able to change ownership. You might have to get help from the webhost.

[edited by: SteveWh at 12:32 am (utc) on May 21, 2009]

zulubanshee

12:55 am on May 22, 2009 (gmt 0)

10+ Year Member

I can download ok, it's only when I try to open the file to look at it. I guess it's the antivirus keeping it 'sealed'.

Taree

3:32 am on Jun 3, 2009 (gmt 0)

10+ Year Member

Yes, as Coopster said, you will need to disable your antivirus auto-protect or real-time detection (leave firewall on, better yet block all traffic) in order to access the files.

Chances are it's just a js iframe that won't cause harm if you just edit the file, but it's best to manipulate the files on a test machine or in a sandbox environment to be sure.
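
A way to locate the kind of injected markup coopster and Taree describe (a hidden iframe, self-decoding JavaScript) in a downloaded copy of the site, so the affected files can be identified before restoring them from backup. This is an added example, not code from anyone in the thread; the sample pages, the example.invalid host and the pattern list are constructed for it.

```python
import re
import tempfile
from pathlib import Path

# Heuristics for the injection discussed above: an iframe sized or styled to be
# invisible, and JavaScript that unpacks itself at runtime. A hit means "look
# at this file", not proof of compromise.
SUSPICIOUS = {
    "hidden_iframe": re.compile(
        r"""<iframe[^>]*(?:width\s*=\s*["']?0|height\s*=\s*["']?0"""
        r"""|visibility\s*:\s*hidden|display\s*:\s*none)""", re.IGNORECASE),
    "eval_unescape": re.compile(r"eval\s*\(\s*unescape\s*\(", re.IGNORECASE),
}

def scan_text(text):
    """Return [(pattern_name, line_number), ...] for every matching line."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for name, pattern in SUSPICIOUS.items():
            if pattern.search(line):
                hits.append((name, number))
    return hits

def scan_tree(root, suffixes=(".html", ".htm", ".php", ".js")):
    """Scan a downloaded copy of the webroot; map relative path -> hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

# Constructed sample pages (not from the thread): one clean, one carrying a
# zero-size iframe and a self-decoding script. The host is a placeholder.
CLEAN_SAMPLE = "<html><body>\n<h1>About</h1>\n<script src=\"app.js\"></script>\n</body></html>\n"
INFECTED_SAMPLE = (
    "<html><body>\n"
    "<h1>Welcome</h1>\n"
    '<iframe src="http://example.invalid/" width="0" height="0"></iframe>\n'
    "<p>Normal content</p>\n"
    '<script>eval(unescape("%68%69"));</script>\n'
    "</body></html>\n"
)

def make_sample_tree():
    """Write the samples into a temp directory and return its path."""
    root = Path(tempfile.mkdtemp())
    (root / "about.html").write_text(CLEAN_SAMPLE)
    (root / "index.html").write_text(INFECTED_SAMPLE)
    return str(root)
```

Running `scan_tree(make_sample_tree())` reports only index.html, with the iframe on line 3 and the eval(unescape(...)) call on line 5.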

phranque

5:22 am on Jun 3, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

Welcome to WebmasterWorld [webmasterworld.com], Taree!