Why am I seeing a very high upload and download rate on my network?

Jay July 11, 2011

I am running Windows 7 Ultimate edition and in the past few weeks I am noticing that the internet download/upload volume on my computer is alarmingly high, as in 100s of gigabytes per day.

My internet speed is not slow or anything. I run Networx network monitoring software on my desktop and it clearly records the total upload/download traffic on an hourly/daily/weekly/monthly basis. I checked for restore points and there aren’t any, possibly deleted by the virus. I checked for weird programs/processes running in the background and there aren’t any funky/unrecognized. I also checked add/remove programs for anything unrecognized.

I know that botnets/zombies are used for DDoS attacks and sending spam, which means there will be a huge upload from the hijacked PC, but on my machine I see a huge download also (10s of gigabytes every day). I don’t see my hard drive getting filled though.

What kind of virus could it be, and is there any way other than reformatting? Please help!

Is that a terrible virus? Please advise. Malwarebytes/Ad-aware/Avast antivirus are not finding anything.

  1. Bruce Epper
    July 13, 2011 at 10:44 pm

    Is Networx configured to just monitor your Internet traffic, or is it measuring everything? If it is measuring everything, this includes the traffic on your local network, so if you have other machines sharing with your desktop, this number will almost always be high.

  2. Mike
    July 12, 2011 at 10:43 am

    Traffic around 10-15GB per day doesn't sound alarming to me. I get this myself with only 4096/756Kbit speeds.

    What most people underestimate is the traffic caused by all kinds of Flash content, for example YouTube or live streams via Flash. There is a lot of high quality content on the internet which results in a lot of data transfer.
    Another option is P2P: if you are running Torrent it will result in a lot of traffic because you not only download but also upload data at the same time.
    Also, have you checked whether there are software updates running in the background?

    If you want to know what's causing the traffic on your own computer I suggest using the Resource Monitor. You can find it within the Start menu under "All Programs > Accessories > System Tools".
    Go to the Network tab and expand the Network Activity view. In the headline you will see the total usage in Mbit/Kbit per second while the detailed list shows you each process and its current Bytes per second (there is no scaling so if you see something taking 10.000B/s this really means it's just 10KByte per second).

    You said you see 100GB per day and later it's 10GB a day - what are these numbers and where do they appear? As I said 10GB isn't too abnormal. It vastly depends on where these 100GB are measured. If this is measured by your provider I suggest controlling all devices on your network. If it's solely your computer the above should reveal something (at least whether it's some active program or something hidden).

    Of course there is the possibility of your computer/connection being hijacked. In that case it's highly unlikely to find such a program "visually" (e.g. in Task Manager).
    They either hide themselves completely or use a regular name like "svchost.exe" which is known to be running several times and therefore doesn't alarm you. Once they are active they are also capable of bypassing AntiVirus software.

    I suggest running one (or maybe both) of the following tools:
    DrWeb CureIt
    http://www.freedrweb.com/cureit/
    Sophos Anti-Rootkit
    http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx 

    Last but not least, if those traffic numbers are from your provider (e.g. their customer portal) there is the option that the traffic doesn't originate from your computer(s). It could be someone else using your WiFi (if present) or the Router itself being compromised. Lately there have been quite some security vulnerabilities for Routers going on.
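
An added example, not part of the original thread: one way to attribute connections to processes from the command line, separating LAN peers from Internet peers (the distinction raised in comment 1) and flagging an `svchost.exe` that hosts no service (the disguise mentioned in comment 2). It parses the output of `netstat -ano` and `tasklist /svc /fo csv`; the sample output, PIDs and addresses are constructed, and the "no hosted service" rule is a triage heuristic assumed here, not a verdict. It counts connections, not bytes, so Resource Monitor is still needed for volume.

```python
import csv, io, ipaddress
from collections import defaultdict
# Constructed sample of `netstat -ano` output (documentation-range peers).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    192.168.1.10:49160     192.168.1.20:445       ESTABLISHED     4
  TCP    192.168.1.10:49172     203.0.113.5:443        ESTABLISHED     1234
  TCP    192.168.1.10:49173     203.0.113.9:6881       ESTABLISHED     1234
  TCP    192.168.1.10:49180     198.51.100.7:80        ESTABLISHED     2960
"""
# Constructed sample of `tasklist /svc /fo csv` output.
TASKLIST = '''"Image Name","PID","Services"
"System","4","N/A"
"svchost.exe","880","RpcEptMapper,RpcSs"
"svchost.exe","1234","N/A"
"firefox.exe","2960","N/A"
'''
# Peers in these ranges count as local traffic, not Internet traffic.
LAN = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def established(netstat_text):
    """Yield (pid, peer_ip) for each ESTABLISHED TCP row."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            host = f[2].rsplit(":", 1)[0].strip("[]").split("%")[0]
            yield int(f[4]), ipaddress.ip_address(host)

def attribute(netstat_text, tasklist_csv):
    """Rows of (pid, image, services, lan_peers, internet_peers, odd)."""
    procs = {int(r["PID"]): r for r in csv.DictReader(io.StringIO(tasklist_csv))}
    counts = defaultdict(lambda: [0, 0])
    for pid, ip in established(netstat_text):
        counts[pid][0 if any(ip in n for n in LAN) else 1] += 1
    rows = []
    for pid, (lan, wan) in counts.items():
        p = procs.get(pid, {"Image Name": "?", "Services": "?"})
        # Heuristic (assumption): a real svchost.exe hosts at least one
        # service, so one with none that talks to the Internet is flagged.
        odd = p["Image Name"].lower() == "svchost.exe" and p["Services"] == "N/A" and wan > 0
        rows.append((pid, p["Image Name"], p["Services"], lan, wan, odd))
    return sorted(rows, key=lambda r: -r[4])  # most Internet peers first

if __name__ == "__main__":
    print(*attribute(NETSTAT, TASKLIST), sep="\n")
```

On a live machine, feed it the text captured from the two commands run in an elevated prompt, and follow up on any flagged PID with the rootkit scanners suggested in comment 2.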