Thanks Paul thats a VERY handy tip in future...
We found out we had been somehow hacked (!!??) in public-html/admin/index.php no idea how or by who or why. as mentioned elsewhere we need to dump our hosting company - suggestions welcome - though not necc moodle partners as they tend to be too boutiquey
D