Trojan.Qhosts Virus Detected on my Windows Home Laptop :-( Help!!

Guest

Seasonal greetings to you all,

I need some help with my Laptop (SONY FX503) running Norton AntiVirus 2003
with the latest updates from Symantec.

Norton has detected a virus called Trojan.Qhosts

I have followed the Symantec Norton's advice by downloading a Trojan.Qhosts
removal tool but I still have this virus :-(

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html

Basically, when I try to access the Internet via my Netgear ADSL firewall
router, I receive an alert stating that a Trojan.Qhosts Virus has been found
and it has been successfully removed.

All appears fine until the next reboot, when I get the same message.

I have also noticed that if I click on the hosts file found in
c:\windows\system32\drivers\etc the alert automatically pops up. Not having
to connect to the Internet to trigger the virus. So, I'm thinking that this
is not an Internet problem, more a problem with whatever tries to access the
hosts file.

All Symantec Norton keep saying is to follow the online help, which I have
done, and I am now at a complete loss.

I don't want to reformat my hard drive for a virus and I have 4 years of
information on it.

I have spent over two weeks on this problem.

Please can someone help?

Many thanks

Jot
 
Guest

This is something I like to do with those little pain in the @$$E$. Move your
host file to your desktop, not by click & drag. Now try the internet, it's
going to take a little time for Windows to resolve the URLs.
 
Guest

Hi,

Thanks for your advice.

I have moved the hosts file to my desktop, same problem :-(

I have already tried turning off System Restore and running the Symantec
Removal Tool in Safe Mode, same problem :-(

I don't understand; I have tried more or less everything but this Virus seems
to be immune to everything?

When I first discovered the virus 2 weeks ago I found it made changes to the
"hosts" file. The virus appended several web sites to invalid IP addresses,
i.e. www.microsoft.com 172.45.2.66. The virus only appeared to have done
this once.

I erased these then was able to browse the Microsoft site.

I don't know why I'm getting this virus alert when the "hosts" file is
accessed (manually or by an application).

Please help....Jot
 
Rick \Nutcase\ Rogers

Hi,

Are there still any entries in the HOSTS file?

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
Guest

There should only be 5 Files in the etc. folder. 8 bit signed file
lmhosts.sam & 4 compressed files, network, protocol, services & hosts.
Anything else try moving it to the desk top. It don't belong there. Reboot
your PC. Now you should be able to delete the crap or 1 piece of the crap
yourself.
 
Guest

Hi,

There are only 5 files in c:\windows\system32\drivers\etc, they are
Services, Protocol, networks, lmhosts.sam and hosts

There are no other files, including hidden ones.

Not sure, but I think something is trying to access the "Hosts" file but
Norton is preventing it. When I manually click the "Hosts" file I think this
other thing attempts to modify the "Hosts" file at the same time but Norton
deletes the "Hosts" file before/after it has done its stuff?

Not sure though?

I have moved the "Hosts" file to my desktop, no joy :-( I have moved it
back now to
c:\windows\system32\drivers\etc

Are there any other removal tools for the trojan.qhosts virus other than
Symantec's and McAfee (Stinger), which haven't helped?

Please help.

Thanks,

Jot
 
Guest

Hi,

Here are the entries from the "Hosts" file.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost


Nothing much really.

Any ideas?

Thanks,

Jot
 
Jim Byrd

Hi Jot - The Brown University tool is much more effective. See below.
Here's my "standard" QHosts post:


You've apparently gotten infected with the QHosts trojan. Read here for
information:

http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
http://www3.ca.com/virusinfo/virus.aspx?ID=37191


Try the following:

1. Be sure that you install hotfix 828750 which fixes the exploit that this
virus uses:

http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp

2. Update and run a complete Anti-Virus software check of your system. Most
of the major AV companies have updated their latest signatures to detect
this virus (for Network Associates (McAfee), be sure to get the EXTRADAT.exe
update from the above page as well as your regular update).

Download sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here: http://www.trendmicro.com/download/pattern.asp Be sure to read
the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt (You might also want
to get Art's updater, SYS-UP.Zip, here for future updating of these:
http://home.epix.net/~artnpeg/). (If you download and use the updater from
the beginning, it will automatically handle downloading the other files.)
Place them in a dedicated folder after appropriate unzipping. Show hidden
and system files (HowTo here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
Disable Restore if you're on XP or ME (directions here:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm), then boot to
Safe mode (HowTo here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
Read tscreadme.txt carefully, then do a complete scan of your system
in Safe mode and clean or delete anything it finds. Reboot to normal mode
and re-run the scan again.

This scan may take a long time, as Sysclean is VERY extensive and thorough.
For example, one user reported that Sysclean found 69 hits that an
immediately prior Norton AV v. 11.0.2.4 run had missed.


3a. If running your AV doesn't clean it up, go to this page, read the
directions CAREFULLY (particularly about the Restore option) and download
and run the removal tool:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html

3b. An alternative that by report works much better than the Symantec tool
is the Brown University Removal Tool, here:

http://software.brown.edu/dist/w-cleanqhosts.html

THIS WOULD BE MY PRIMARY RECOMMENDATION

If that still doesn't clean it up (and a number of people are reporting that
it did not with the Symantec tool), then follow the Manual Removal
instructions at the link in 3a. The following is courtesy of Mike Burgess:

"Does a HOSTS file still exist in Windows\Help?
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors,
this one hides the HOSTS file in the "Windows\Help" folder. It then
creates entries that redirects all major search engines to a website.
Note: this website has now been removed, thus the DNS errors.
[more info]
http://www.mvps.org/winhelp2002/hosts.htm (bottom of page)
Run the beta version of HijackThis
(http://www.spywareinfo.com/~merijn/files/beta/hijackthis.zip)
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30-03]
Please post replies to this Newsgroup, email address is invalid"


Just to follow up on this - there may be multiple different HOSTS files on
your machine with the trojan's settings, some of which cannot be removed
by the Removal Tools, and you'll need to do a search to find and just delete
them all, or clean them per the manual directions at the Symantec site. A
very useful tool for this purpose is HostFileReader, available here courtesy
of Option^Explicit:
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.zip (This link
may not be good anymore! If not, try and find it elsewhere or contact me
with a good email addy - demunge my email - and I'll send it to you - about
20kB zipped.) This will locate all of the HOSTS files on your designated
partition and allow you to remove them individually. Recommended,
especially for the qHosts worm problem.

4. You probably will then need to restore your HOSTS file if you plan to use
it for DNS speedup and/or ad blocking. Download the Hosts File Reader as
above. Then:

To create a new Default version of HOSTS, run the program, click the "Reset
Default" button. Note that this is NOT a recreation of your original HOSTS
file, but a brand new "initialized" one correctly named HOSTS in the
appropriate folder for your OS (Windows XP\2000 Location: -
C:\WINDOWS\SYSTEM32\DRIVERS\ETC or Windows 98\ME Location: - C:\WINDOWS).
If you've been using your HOSTS file for ad blocking (see
http://www.mvps.org/winhelp2002/hosts.htm Blocking Unwanted Ads with a Hosts
File) and/or DNS speedup, then you'll need to reset the new default you've
created for that purpose. (Using this HOSTS file for Ad blocking is
recommended, BTW, since it also blocks a lot of "malware" as well as
offensive advertising.)

5. Pest Patrol is also supposed to be able to eliminate this Trojan, but I
can't verify that personally.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
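
Added example, not from the thread or from any tool it names: the search described in the post above, finding every HOSTS file under a folder and listing entries that point a name at a non-local address, written in Python. The folder layout, host names and 192.0.2.x addresses are constructed sample data, and the expected location assumes the Windows XP\2000 path given in the post.

```python
"""Audit every HOSTS file under a directory tree (constructed sample data)."""
import ipaddress
import os
import tempfile
from pathlib import Path

# Assumption: XP/2000 layout from the thread, C:\WINDOWS\SYSTEM32\DRIVERS\ETC.
EXPECTED_PARENT = ("system32", "drivers", "etc")

# Constructed stand-in for the default file the poster pasted.
DEFAULT_HOSTS = (
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "# 102.54.94.97 rhino.acme.com # source server\n"
    "127.0.0.1 localhost\n"
)
# Constructed stand-in for a hijacked copy hidden in Windows\Help.
HIDDEN_HOSTS = (
    "192.0.2.10 www.search-one.example\n"
    "192.0.2.10 search-two.example www.search-two.example  # two names\n"
)


def parse_hosts(text):
    """Return [(line_no, address, hostname)] for every active mapping."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        fields = line.split()
        if len(fields) < 2:                   # blank, comment-only or malformed
            continue
        for name in fields[1:]:               # one address may carry several names
            entries.append((line_no, fields[0], name.lower()))
    return entries


def is_local_sink(address):
    """True for loopback or 0.0.0.0, as used by the default entry and ad-block lists."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False                          # not an IP address: worth a look
    return ip.is_loopback or ip.is_unspecified


def find_hosts_files(root):
    """Every file named hosts (any case) below root, hidden folders included."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "hosts":
                found.append(Path(dirpath) / name)
    return sorted(found)


def audit(root):
    """Return (relative_path, kind, detail) findings for all HOSTS files under root."""
    findings = []
    for path in find_hosts_files(root):
        rel = path.relative_to(root)
        parent = tuple(part.lower() for part in rel.parts[:-1])
        if parent[-3:] != EXPECTED_PARENT:
            findings.append((rel.as_posix(), "unexpected-location", ""))
        text = path.read_text(encoding="latin-1")   # latin-1 never fails to decode
        for line_no, address, name in parse_hosts(text):
            if not is_local_sink(address):
                detail = f"line {line_no}: {name} -> {address}"
                findings.append((rel.as_posix(), "redirect", detail))
    return findings


def build_sample_tree(root):
    """Create the constructed folder layout used by run_demo()."""
    etc = Path(root, "WINDOWS", "system32", "drivers", "etc")
    help_dir = Path(root, "WINDOWS", "Help")
    etc.mkdir(parents=True)
    help_dir.mkdir(parents=True)
    (etc / "hosts").write_text(DEFAULT_HOSTS)
    (etc / "lmhosts.sam").write_text("# sample\n")   # must be ignored
    (help_dir / "hosts").write_text(HIDDEN_HOSTS)


def run_demo():
    """Build the sample tree in a temp folder and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit(root)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

On a real machine, call audit() with the Windows folder as root; a clean default file produces no findings, which matches the file pasted earlier in the thread.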



 
Guest

Jim & everyone else, thank you.

There's a lot here for me to try, thank you. I will start and let you know
how I get on.

Fingers crossed ;-)

Regards,

Jot

 
Guest

Hi all,

Thanks for your help.

I have tried everything and still can't get rid of this virus (Trojan.Qhosts)

Do you have any other suggestions I can try?

Is there a removal tool that sorts this virus out once and for all?

Sorry, to sound annoyed but I've kind of had enough :-(

Please Please Please advise,

Many thanks, Jot



Rick Rogers said:

Hi,

Run the removal tool in Safe mode.

How to start in Safe mode:
http://www.rickrogers.org/fixes.htm#Safe mode

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 
Brian S. Craigie

Try scanning with AVG7 from www.grisoft.com or housecall online at
http://housecall.trendmicro.com/housecall/start_corp.asp

Also try Hijackthis (www.hijackthis.de)

Brian

Hi all,

Thanks for your help.

I have tried everything and still can't get rid of this virus (Trojan.Qhosts)

Do you have any other suggestions I can try?

Is there a removal tool that sorts this virus out once an for all?

Sorry, to sound annoyed but I've kind of had enough :-(

Please Please Please advise,

Many thanks, Jot



:

Jim & everyone else, thank you.

There's alot here for me to try, thank you. I will start and let you know
how I get on.

Fingers crossed ;-)

Regards,

Jot

:

Hi Jot - The Brown University tool is much more effective. See below.
Here's my "standard" QHosts post:


You've apparently gotten infected with the QHosts trojan. Read here for
information:

http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
http://www3.ca.com/virusinfo/virus.aspx?ID=37191


Try the following:

1. Be sure that you install hotfix 828750 which fixes the exploit that this
virus uses:

http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp

2. Update and run a complete Anti-Virus software check of your system. Most
of the major AV companies have updated their latest signatures to detect
this virus (for Network Associates (McAfee), be sure to get the EXTRADAT.exe
update from the above page as well as your regular update).

Download sysclean.com , from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here: http://www.trendmicro.com/download/pattern.asp Be sure to read
the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt (You might also want
to get Art's updater, SYS-UP.Zip, here for future updating of these:
http://home.epix.net/~artnpeg/). (If you download and use the updater from
the beginning, it will automatically handle downloading the other files.)
Place them in a dedicated folder after appropriate unzipping. Show hidden
and system files (HowTo here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
Disable Restore if you're on XP or ME (directions here:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm), then boot to
Safe mode (HowTo here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
Read tscreadme.txt carefully, then do a complete scan of your system
in Safe mode and clean or delete anything it finds. Reboot to normal mode
and re-run the scan again.

This scan may take a long time, as Sysclean is VERY extensive and thorough.
For example, one user reported that Sysclean found 69 hits that an
immediately prior Norton AV v. 11.0.2.4 run had missed.


3a. If running your AV doesn't clean it up, go to this page, read the
directions CAREFULLY (particularly about the Restore option) and download
and run the removal tool:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html

3b. An alternative that by report works much better than the Symantec tool
is the Brown University Removal Tool, here:

http://software.brown.edu/dist/w-cleanqhosts.html THIS WOULD BE MY PRIMARY
RECOMMENDATION

If that still doesn't clean it up (and a number of people are reporting that
it did not with the Symantec tool), then follow the Manual Removal
instructions at the link in 3a. The following is courtesy of Mike Burgess:

"Does a HOSTS file still exist in Windows\Help?
Trojan Qhosts hijacks the HOSTS file, however unlike normal redirectors,
this one hides the HOSTS file in the "Windows\Help" folder. It then
creates entries that redirects all major search engines to a website.
Note: this website has now been removed, thus the DNS errors.
[more info]
http://www.mvps.org/winhelp2002/hosts.htm (bottom of page)
Run the beta version of HijackThis
(http://www.spywareinfo.com/~merijn/files/beta/hijackthis.zip)
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-30-03]
Please post replies to this Newsgroup, email address is invalid"


Just to follow up on this - there may be multiple different HOSTS files on
your machine with the trojan's settings some of which cannot not be removed
by the Removal Tools, and you'll need to do a search to find and just delete
them all, or clean them per the manual directions at the Symantec site. A
very useful tool for this purpose is HostFileReader, available here courtesy
of Option^Explicit:
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.zip (This link
may not be good anymore! If not, try and find it elsewhere or contact me
with a good email addy - demung my email - and I'll send it to you - about
20kB zipped.) This will locate all of the HOSTS files on your designated
partition and allow you to remove them individually. Recommended,
especially for the qHosts worm problem.

4. You probably will then need to restore your HOSTS file if you plan to use
it for DNS speedup and/or ad blocking. Download the Hosts File Reader as
above. Then:

To create a new Default version of HOSTS, run the program, click the "Reset
Default" button. Note that this is NOT a recreation of your original HOSTS
file, but a brand new "initialized" one correctly named HOSTS in the
appropriate folder for your OS (Windows XP\2000 Location: -
C:\WINDOWS\SYSTEM32\DRIVERS\ETC or Windows 98\ME Location: - C:\WINDOWS).
If you've been using your HOSTS file for ad blocking (see
http://www.mvps.org/winhelp2002/hosts.htm Blocking Unwanted Ads with a Hosts
File) and/or DNS speedup, then you'll need to reset the new default you've
created for that purpose. (Using this HOSTS file for Ad blockikng is
recommended, BTW, since it also blocks a lot of "malware" as well as
offensive advertising.)

5. Pest Patrol is also supposed to be able to eliminate this Trojan, but I
can't verify that personally.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In Jot <[email protected]> typed:

Hi,

Here is a the enteries from the "Hosts" file.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost


Nothing much really.

Any ideas?

Thanks,

Jot


:


There should only be 5 Files in the etc. folder. 8 bit signed file
lmhosts.sam & 4 compressed files, network, protocol, services &
hosts. Anything else try moving it to the desk top. It don't belong
there. Reboot your PC. Now you should be able to delete the crap or
1 piece of the crap yourself.

:


Hi,

Thanks for your advice.

I have moved the hosts file to my desktop, same problem :-(

I have already tried turning off System Restore and running the
Symantec Removal Tool in Safe Mode, same problem :-(

I don't understand I have tried more or less everything but this
Virus seems to be immune to everything?

When I first discovered the virus 2 weeks ago I found it made
changes to the "hosts" file. The virus appended several web sites
to invalid IP addresses i.e. www.microsoft.com 172.45.2.66 The
virus only appeared to have done this once.

I erased these then was able to browse the Microsoft site.

I don't know why I'm getting this virus alert when the "hosts" file
is accessed (manually or by an application).

Please help....Jot



:


Hi,

Run the removal tool in Safe mode.

How to start in Safe mode:
http://www.rickrogers.org/fixes.htm#Safe mode

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org


Seasonal greetings to you all,

I need some help with my Laptop (SONY FX503) running Norton
AntiVirus 2003 with the latest updates from Symantec.

Norton has detected a virus called Trojan.Qhosts

I have followed the Symantec Norton's advice by downloading a
Trojan.Qhosts removal tool but I still have this virus :-(

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html

Basically, when I try to access the Internet via my Netgear ADSL
firewall router, I receive an alert stating that a Trojan.Qhosts
Virus has been found and it has been successfully removed.

All appears fine until the next reboot and I get the same message.

I have also noticed that if I click on the hosts file found in
c:\windows\system32\drivers\etc the alert automatically pops up.
Not having to connect to the Internet to trigger the virus. So, I'm
thinking that this is not an Internet problem, more a problem with
whatever tries to access the hosts file.

All Symantec Norton keep saying is to follow the online help,
which I have done, and I am now at a complete loss.

I don't want to reformat my hard drive for a virus and I have 4
years of information on it.

I have spent over two weeks on this problem.

Please can someone help?

Many thanks

Jot
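The search described in Jim Byrd's post above (locating every HOSTS copy on the partition, including the one Mike Burgess reports in Windows\Help, and checking what each one maps) can be sketched as a read-only audit. This is an added example, not part of the thread and not HostsFileReader's code; the function names, the expected-folder list taken from the post, and the constructed sample files are assumptions for illustration.

```python
import ipaddress
import os
import tempfile

# Folders, relative to the drive root, where the post says HOSTS belongs
# (XP/2000 and 98/ME). A copy anywhere else, e.g. Windows\Help, is reported.
EXPECTED_DIRS = {"windows/system32/drivers/etc", "windows"}


def classify_line(raw):
    """Return None for blank/comment lines, else (kind, address, names)."""
    body = raw.split("#", 1)[0].strip()
    if not body:
        return None
    fields = body.split()
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        # First column is not an IP address (e.g. name and address swapped).
        return ("malformed", None, fields)
    if len(fields) < 2:
        return ("malformed", str(ip), [])
    # Loopback and 0.0.0.0 are what default and ad-blocking files use.
    kind = "sink" if (ip.is_loopback or ip.is_unspecified) else "redirect"
    return (kind, str(ip), fields[1:])


def audit_hosts_text(text):
    """List (lineno, kind, address, names) for every non-sink mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        result = classify_line(raw)
        if result and result[0] != "sink":
            findings.append((lineno,) + result)
    return findings


def scan(root):
    """Walk root, audit every file named HOSTS (any case), never modify it."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "hosts":
                continue
            path = os.path.join(dirpath, name)
            rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/").lower()
            try:
                # utf-8-sig drops a BOM that would otherwise hide line 1.
                with open(path, encoding="utf-8-sig", errors="replace") as fh:
                    findings = audit_hosts_text(fh.read())
            except OSError as exc:
                findings = [(0, "unreadable", None, [str(exc)])]
            report.append({"path": path,
                           "expected_location": rel_dir in EXPECTED_DIRS,
                           "findings": findings})
    return sorted(report, key=lambda entry: entry["path"])


def build_demo_tree():
    """Create a constructed drive layout: one clean file, one hijacked copy."""
    root = tempfile.mkdtemp(prefix="hosts_demo_")
    samples = {
        ("WINDOWS", "system32", "drivers", "etc", "hosts"):
            "# default file\n127.0.0.1 localhost\n0.0.0.0 ads.example.com\n",
        ("WINDOWS", "Help", "HOSTS"):
            "# constructed hijacked copy\n"
            "203.0.113.10 search.example.com www.example.com\n"
            "www.microsoft.com 172.45.2.66\n"  # order as quoted in the thread
            "127.0.0.1 localhost\n",
    }
    for parts, text in samples.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()
    for entry in scan(root):
        where = "expected folder" if entry["expected_location"] else "UNEXPECTED folder"
        print(f"{entry['path']} ({where})")
        for lineno, kind, address, names in entry["findings"]:
            print(f"  line {lineno}: {kind} {address} {' '.join(names)}")
```

A "redirect" finding is only a prompt for review, since a HOSTS file used for local DNS speedup legitimately maps names to real addresses.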
 
J

Jim Byrd

Hi Jot - With respect to my previous post:

Did you run SysClean?
Did you use the Brown Removal tool?
Have you tried using Pest Patrol to remove this trojan?

If not, then do all of these first.

In addition:

#########IMPORTANT#########
Before you try to remove spyware using any of the programs below, download
both a copy of LSPFIX here:

http://www.cexx.org/lspfix.htm

AND a copy of Winsockfix for W95, W98, and ME
http://www.tacktech.com/pub/winsockfix/WinsockFix.zip
Directions here: http://www.tacktech.com/display.cfm?ttid=257

or here for Win2k/XP http://files.webattack.com/localdl834/WinsockxpFix.exe
Info here: http://www.spychecker.com/program/winsockxpfix.html
Directions here: http://www.iup.edu/house/resnet/winfix.shtm

The process of removing certain malware may kill your internet connection.
If this should occur, these programs, LSPFIX and WINSOCKFIX, will enable you
to regain your connection.

NOTE: It is reported that in XP SP2, the Run command netsh winsock reset
will fix this problem without the need for these programs. (You can also
try this if you're on XP SP1. There has also been one, as yet unconfirmed,
report that this also works there.) Also, one MS technician suggested the
following sequence:

netsh int reset all
ipconfig /flushdns

See also: http://windowsxp.mvps.org/winsock.htm for additional XPSP2
info/approaches using the netsh command.
#########IMPORTANT#########



#########IMPORTANT#########
Show hidden files and run all of the following removal tools from Safe mode
or a "Clean Boot" when possible. Reboot and test if the malware is fixed
after using each tool.
HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

Clean Boot - General Win2k(if w/msconfig)/XP procedure, but see below for
links for other OS's:
1. Start|Run enter msconfig.
2. On the General tab, click Selective Startup, and then clear the Process
System.ini File, Process Win.ini File, and Load Startup Items check boxes.
Leave the boot.ini boxes however they are currently set.
3. In the Services tab, check the "Hide All Microsoft Services" checkbox,
and then click the "Disable All" button.
4. Click OK and then reboot.

For additional information about how to clean boot your operating system,
click the following article numbers to view the articles in the Microsoft
Knowledge Base:
310353 How to Perform a Clean Boot in Windows XP
http://support.microsoft.com/kb/310353
281770 How to Perform Clean-Boot Troubleshooting for Windows 2000
http://support.microsoft.com/kb/281770/EN-US/
267288 How to Perform a Clean Boot in Windows Millennium Edition
http://support.microsoft.com/kb/267288/EN-US/
192926 How to Perform Clean-Boot Troubleshooting for Windows 98
http://support.microsoft.com/kb/192926/EN-US/
243039 How to Perform a Clean Boot in Windows 95
http://support.microsoft.com/kb/243039/EN-US/
#########IMPORTANT#########


Download and run the trial version of A2 Personal, here:
http://www.emsisoft.com/en/ Run from a Clean Boot or Safe Mode with Show
Hidden Files enabled as above.


Sometimes these tools will find files which they are unable to delete
because they are in use. A program called Copylock, here,
http://noeld.com/programs.asp?cat=misc#CopyLock can aid in the process of
"replacing, moving, renaming or deleting one or many files which are
currently in use (e.g. system files like comctl32.dll, or virus/trojan
files.)" Another is Killbox, here:
http://www.downloads.subratam.org/KillBox.zip
A third which is a bit different but often useful is Delete Invalid File,
here: http://www.purgeie.com/delinv.htm which handles invalid/UNC
file/folder name deleting, rather than the in use problem.


For the general hijack case, the best way to start is to get Ad-Aware SE
Personal Edition, here: http://www.lavasoftusa.com/support/download/.
UPDATE, set it up in accordance with this:
http://forum.aumha.org/viewtopic.php?t=5877 and run this regularly to get
rid of most "spyware/hijackware" on your machine. If it has to fix things,
be sure to re-boot and rerun AdAware again and repeat this cycle until you
get a clean scan. The reason is that it may have to remove things which
are currently "in use" before it can then clean up others.

Then, courtesy of NonSuch at Lockergnome, open Ad-aware then click the gear
wheel at the top and check these options to configure Ad-aware for a
customized scan:

General> activate these: "Automatically save log-file" and "Automatically
quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes",
"Scan registry", "Deep scan registry," "Scan my IE Favorites for banned
sites," and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during
scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister
objects prior to deletion" and "Let Windows remove files in use after
reboot."

Click "Proceed" to save your settings, then click "Start." Make sure
"Activate in-depth scan" is ticked green, then scan your system. When the
scan is finished, the screen will tell you if anything has been found, click
"Next." The bad files will be listed. Right click the pane and click "Select
all objects" - This will put a check mark in the box at the side, click
"Next" again and click "OK" at the prompt "# objects will be removed.
Continue?"

Courtesy of http://www.nondisputandum.com/html/anti_spyware.html: HINT: If
Ad Aware is automatically shut-down by a malicious software, first run
AAWCloak.exe, http://www.lavasoftnews.com/downloads/AAWCloak.exe, before
opening Ad Aware. When AAWCloak is open, click "Activate Cloak". Then open
Ad Aware and scan your system.



Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. Tutorial
here: http://www.safer-networking.org/en/index.html I recommend using both
normally. Be sure and use the Default (NOT Advanced or Beta) Mode in
Settings.

After UPDATING and fixing ONLY RED things with SpyBot S&D, be sure to
re-boot and rerun SpyBot again and repeat this cycle until you get a clean
"no red" scan. The reason is that SpyBot sometimes has to remove things
which are currently "in use" before it can then clean up others. Note that
sometimes you need to make a judgement call about what these programs report
as spyware. See here, for example: http://www.imilly.com/alexa.htm


A currently common parasite is some malware called CoolWebSearch. Do the
following:

Download, UPDATE before running, and run:
http://cwshredder.net/bin/CWSInstall.exe from this page:
http://www.intermute.com/spysubtract/cwshredder_download.html (The new v.2
which will automatically install in C:\Program
Files\InterMute\SpySubtract\CWShredder.exe and put a shortcut on the
Desktop. Run the program from this install location or the shortcut after
installation. This recommendation for CWShredder is NOT automatically a
recommendation for the other programs advertised by Intermute in
conjunction with this install.) or
http://209.133.47.200/~merijn/files/CWShredder.exe or here:
http://hem.bredband.net/b157129/f/cwshredder.zip or here:
http://www.softpedia.com/public/scripts/downloadhero/10-17-150/ or here:
http://www.zerosrealm.com/downloads/CWShredder.zip
to remove the parasite. Try to run from Safe mode or a Clean Boot and be
sure to close ALL other programs to the extent possible, especially ALL
instances of IE and OE.

There's a good tutorial about CWS and using CWShredder here:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=47#domain See
also: http://cwshredder.net/cwshredder/cwschronicles.html

BE SURE that you get v.1.59.0.1 or later or the new v.2! Note that
CWShredder may make deletions/changes to your HOSTS file (sometimes as false
positives), and that after cleanup you may need to restore it with a fresh
copy of any local DNS and/or blocking entries or disable it before running
CWShredder.



You will need to show Hidden files first and then at the end clear the
malware garbage from your System Restore backups after you've cleaned up.
It's best to perform CWShredder (and most other malware fixers too) from
Safe mode and then reboot. AFTER cleaning things up, then you can disable
and then re-enable System Restore. See ******** below.

The following links give instructions on how to do these various functions:


HOW TO Restart in Safe Mode
<http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406>

HOW TO Enable Hidden Files
<http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339>

HOW TO Disable/Flush System Restore (do this at the end AFTER cleaning or
use the suggested procedure for XP at the ******'s)
<http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039>
(WinXP)
<http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239>
(WinME)



Then download and run:
http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
tabs and remove any restrictions that the parasite has put in place.

Now download and run:
http://www.kellys-korner-xp.com/regs_edits/RestoreSearch2.REG to restore
your search functions if they've been affected (as they probably will have
been).


Be sure that you also download and install hotfix Q816093, here:

http://support.microsoft.com/?kbid=816093

which blocks the exploit upon which this parasite family depends.


There are extensive, detailed instructions for manual removal of CWS
variants here: http://www.pestpatrol.com/PestInfo/c/cws.asp You may want
to check these to be sure everything's been cleaned up.



When done, go to Start|Run and enter one line at a time (or even easier,
open a DOS box and copy the following in its entirety and then paste it into
the box):

regsvr32 hlink.dll
regsvr32 /i browseui.dll
regsvr32 /i shdocvw.dll
regsvr32 /i mshtml.dll
regsvr32 mshtmled.dll
regsvr32 actxprxy.dll
regsvr32 /i urlmon.dll
regsvr32 scrrun.dll
regsvr32 comcat.dll
regsvr32 Oleaut32.dll
regsvr32 /i Shell32.dll
regsvr32 Msoeacct.dll
regsvr32 "C:\Program Files\Outlook Express\Msoe.dll"
regsvr32 msjava.dll
regsvr32 jscript.dll
regsvr32 Olepro32.dll
regsvr32 Hlink.dll
regsvr32 Asctrls.ocx
regsvr32 Inetcpl.cpl /i
regsvr32 Dxtrans.dll
regsvr32 Dxtmsft.dll
regsvr32 Imgutil.dll
regsvr32 Msxml.dll
regsvr32 Msjava.dll
regsvr32 Jscript.dll
regsvr32 Softpub.dll
regsvr32 Wintrust.dll
regsvr32 Initpki.dll
regsvr32 Dssenh.dll
regsvr32 Rsaenh.dll
regsvr32 Gpkcsp.dll
regsvr32 Slbcsp.dll
regsvr32 Cryptdlg.dll
regsvr32 Msjet40.dll
regsvr32 pdm32.dll
regsvr32 Msjtor40.dll
regsvr32 Dao360.dll
regsvr32 Sccbase.dll


with a Return after each .dll. You'll get a message about successful
completion of the re-registration process after each one, then enter the
next (with the DOS box they'll be continuous except for the last one).

If you use Win98x and get an error on Shell32.dll, ignore it. Only the ME,
Win2k and XP versions of windows have shell32 as an object that needs
registering. (For these earlier operating systems, run "regsvr32
shdoc401.dll " instead of "regsvr32 Shell32.dll".) Depending on your
system, you may also get "not found" error messages on some or all of the
last five - if so, ignore them.

Re-start your computer when you've finished.


If they don't fix it then start here:

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13
or here: http://www.bleepingcomputer.com/files/spyware/hijackthis.zip

There's a good "How-to-Use" tutorial here:
http://computercops.biz/HijackThis.html

In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with
HijackThis.)

Place HijackThis.exe or unzip HijackThis.zip into its own dedicated folder
at the root level such as C:\HijackThis (NOT in a Temp folder or on your
Desktop), reboot to Safe mode, start HT (have ONLY HT running - IE MUST be
closed) then press Scan. Click on SaveLog when it's finished which will
create hijackthis.log. Now click the Config button, then Misc Tools and
click on Generate StartupList.log which will create Startuplist.txt.

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

or Jim Eshelman's site here: http://forum.aumha.org/

or Bleepingcomputer here: http://www.bleepingcomputer.com/

Register if necessary, then sign in and READ THE DIRECTIONS at the beginning
of the particular site's HiJackThis forum, then copy and paste both files
into a message asking for assistance. Someone will answer with detailed
instructions for the removal of your parasite(s). Be sure you include at
the beginning of your post "What problem(s) you're trying to solve" and
"What steps you've already taken."



*******
ONLY IF you've successfully eliminated the malware, you can now make a new,
clean Restore Point and delete any previously saved (possibly infected)
ones. The following suggested approach is courtesy of Gary Woodruff: For XP
you can run a Disk Cleanup cycle and then look in the More Options tab. The
System Restore option removes all but the latest Restore Point. If there
hasn't been one made since the system was cleaned you should manually create
one before dumping the old possibly infected ones.
*******


Once you get this cleaned up, you might want to consider installing Eric
Howes' IESpyAds, SpywareBlaster and SpywareGuard here to help prevent this
kind of thing from happening in the future:

IESpyads - https://netfiles.uiuc.edu/ehowes/www/resource.htm "IE-SPYAD adds
a long list of sites and domains associated with known advertisers,
marketers, and crapware pushers to the Restricted sites zone of Internet
Explorer. Once you merge this list of sites and domains into the Registry,
the web sites for these companies will not be able to use cookies, ActiveX
controls, Java applets, or scripting to compromise your privacy or your PC
while you surf the Net. Nor will they be able to use your browser to push
unwanted pop-ups, cookies, or auto-installing programs on your PC." Read
carefully.

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWareBlaster is not memory resident ... no CPU or memory
load - but keep it UPDATED) The latest version as of this writing will
prevent installation or prevent the malware from running if it is already
installed, and it provides information and fixit-links for a variety of
parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. All three Very Highly Recommended

Next, install and keep updated a good HOSTS file. It can help you avoid
most adware/malware. See here: http://www.mvps.org/winhelp2002/hosts.htm
(Be sure it's named/renamed HOSTS - all caps, no extension) Additional
tutorials here:
http://www.bleepingcomputer.com/forums/index.php?s=14f3f9225081133297a8acdd11137c5b&showtutorial=51
(detailed) and here: http://www.spywarewarrior.com/viewtopic.php?t=410
(overview)

Finally, be sure that you have a good hardware or software firewall and an
AntiVirus installed, and bring your OS up-to-date with ALL Critical updates

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
Jot said:
No mate :0(

Virus still there :0( Tried everything and searched the forum on
www.hijackthis.de/en

I'm at a complete loss?

Thanks...Jot

Brian S. Craigie said:
Try scanning with AVG7 from www.grisoft.com or housecall online at
http://housecall.trendmicro.com/housecall/start_corp.asp

Also try Hijackthis (www.hijackthis.de)

Brian

Hi all,

Thanks for your help.

I have tried everything and still can't get rid of this virus
(Trojan.Qhosts)

Do you have any other suggestions I can try?

Is there a removal tool that sorts this virus out once and for all?

Sorry, to sound annoyed but I've kind of had enough :-(

Please Please Please advise,

Many thanks, Jot



:


Jim & everyone else, thank you.

There's a lot here for me to try, thank you. I will start and let
you know how I get on.

Fingers crossed ;-)

Regards,

Jot

:


Hi Jot - The Brown University tool is much more effective. See
below. Here's my "standard" QHosts post:


You've apparently gotten infected with the QHosts trojan. Read
here for information:

http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
http://www3.ca.com/virusinfo/virus.aspx?ID=37191


Try the following:

1. Be sure that you install hotfix 828750 which fixes the exploit
that this virus uses:

http://www.microsoft.com/windows/ie/downloads/critical/828750/default.asp

2. Update and run a complete Anti-Virus software check of your
system. Most of the major AV companies have updated their latest
signatures to detect this virus (for Network Associates (McAfee),
be sure to get the EXTRADAT.exe update from the above page as
well as your regular update).

Download sysclean.com , from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest
pattern file, here:
http://www.trendmicro.com/download/pattern.asp Be sure to read
the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt (You might
also want to get Art's updater, SYS-UP.Zip, here for future
updating of these: http://home.epix.net/~artnpeg/). (If you
download and use the updater from the beginning, it will
automatically handle downloading the other files.) Place them in
a dedicated folder after appropriate unzipping. Show hidden and
system files (HowTo here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
Disable Restore if you're on XP or ME (directions here:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm),
then boot to Safe mode (HowTo here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
Read tscreadme.txt carefully, then do a complete scan of
your system in Safe mode and clean or delete anything it finds.
Reboot to normal mode and re-run the scan again.

This scan may take a long time, as Sysclean is VERY extensive and
thorough. For example, one user reported that Sysclean found 69
hits that an immediately prior Norton AV v. 11.0.2.4 run had
missed.


3a. If running your AV doesn't clean it up, go to this page, read
the directions CAREFULLY (particularly about the Restore option)
and download and run the removal tool:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html

3b. An alternative that by report works much better than the
Symantec tool is the Brown University Removal Tool, here:

http://software.brown.edu/dist/w-cleanqhosts.html THIS WOULD BE
MY PRIMARY RECOMMENDATION

If that still doesn't clean it up (and a number of people are
reporting that it did not with the Symantec tool), then follow
the Manual Removal instructions at the link in 3a. The following
is courtesy of Mike Burgess:

"Does a HOSTS file still exist in Windows\Help?
Trojan Qhosts hijacks the HOSTS file, however unlike normal
redirectors, this one hides the HOSTS file in the "Windows\Help"
folder. It then
creates entries that redirects all major search engines to a
website.
Note: this website has now been removed, thus the DNS errors.
[more info]
http://www.mvps.org/winhelp2002/hosts.htm (bottom of page)
Run the beta version of HijackThis
(http://www.spywareinfo.com/~merijn/files/beta/hijackthis.zip)
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a
HOSTS file http://www.mvps.org/winhelp2002/hosts.htm [updated
9-30-03]
Please post replies to this Newsgroup, email address is invalid"


Just to follow up on this - there may be multiple different HOSTS
files on your machine with the trojan's settings, some of which
cannot be removed by the Removal Tools, and you'll need to do
a search to find and just delete them all, or clean them per the
manual directions at the Symantec site. A very useful tool for
this purpose is HostFileReader, available here courtesy of
Option^Explicit:
http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.zip
(This link may not be good anymore! If not, try and find it
elsewhere or contact me with a good email addy - demung my email
- and I'll send it to you - about 20kB zipped.) This will locate
all of the HOSTS files on your designated partition and allow you
to remove them individually. Recommended, especially for the
qHosts worm problem.

4. You probably will then need to restore your HOSTS file if you
plan to use it for DNS speedup and/or ad blocking. Download the
Hosts File Reader as above. Then:

To create a new Default version of HOSTS, run the program, click
the "Reset Default" button. Note that this is NOT a recreation
of your original HOSTS file, but a brand new "initialized" one
correctly named HOSTS in the appropriate folder for your OS
(Windows XP\2000 Location: - C:\WINDOWS\SYSTEM32\DRIVERS\ETC or
Windows 98\ME Location: - C:\WINDOWS). If you've been using your
HOSTS file for ad blocking (see
http://www.mvps.org/winhelp2002/hosts.htm Blocking Unwanted Ads
with a Hosts File) and/or DNS speedup, then you'll need to reset
the new default you've created for that purpose. (Using this
HOSTS file for Ad blocking is recommended, BTW, since it also
blocks a lot of "malware" as well as offensive advertising.)

5. Pest Patrol is also supposed to be able to eliminate this
Trojan, but I can't verify that personally.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



 
G

Guest

Hi all, forgive me, I'm new so I don't know where this is appearing. Anyway,
I have AVG virus program and it keeps telling me I cannot move 3 viruses into
the virus vault because it is an "archive", imbedded object. How do I remove
these?

Also, on my son's desktop, he's got a red screen stating that he's got a
Trojan Horse virus and proceed at own risk or download to disk the anti-virus
program to clear it out. How can I do that when the screen is frozen and I
cannot proceed?

Thanks for any help....you can email me directly at (e-mail address removed). I
may not be able to find this forum again...LOL.

Laura
 
M

Malke

Ltb3105 said:
Hi all, forgive me, I'm new so I don't know where this is appearing.
Anyway, I have AVG virus program and it keeps telling me I cannot move
3 viruses into
the virus vault because it is an "archive", imbedded object. How do I
remove these?

Also, on my son's desktop, he's got a red screen stating that he's got
a Trojan Horse virus and proceed at own risk or download to disk the
anti-virus
program to clear it out. How can I do that when the screen is frozen
and I cannot proceed?

Thanks for any help....you can email me directly at (e-mail address removed).
I may not be able to find this forum again...LOL.

Laura

Restart both computers in Safe Mode and run all scans with updated tools
there. To get into Safe Mode, repeatedly tap the F8 key as the computer
is starting. This will get you to the right menu.

Malke
 
A

asdieman

Malke said:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
Restart both computers in Safe Mode and run all scans with updated tools
there. To get into Safe Mode, repeatedly tap the F8 key as the computer
is starting. This will get you to the right menu.

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

Asdieman

I had the Trojan.Qhosts virus which my AV caught no problem. However,
it kept trying to run again at every logon and my AV kept catching it.
I got the cleaner from Norton and ran it. "no viruses found" but it
still came back. I went thru the manual directions but it still came
back. Finally I did msconfig and turned off everything in the "start"
tab. No virus. I turned everything back on a couple at a time and
rebooted. Did this til the virus came back. I finally found out it
was an executable in C:\Windows\System32 called "csmrs.exe". I removed
it and the virus stays gone. I don't know how Norton missed this but
hope it helps others.
 
