I am no expert so here goes... I noticed yesterday that my internet connection was running a little slower than is usual. That sometimes happens, but when I look at the internet connection staus dialog box, I see that I am sending large amounts of data along my internet connection.

It is constant and at my upload speed of 230 kbps (tested on Speedtest.net), so evevy 15 minutes I am sending 20.7 mb of data. It is now constant - even when the machine is idle. I am also downloading data, but at a much slower rate.

Where is this data going? Why is this happening? Have I got some kind of virus in the machine?

I have run my virus scan and an anti-spyware program, but to no effect.

Any help/advice appreciated

You've possibly been botted. Another possibility is that you've recently installed software that lets you watch TV programmes from the likes of BBC and Channel4. A third possibility is you're collecting movies or music and the sharing software is running continuously. Have you ever installed a Bittorrent programme?

If you're on XP, the easiest way is to let someone in to have a look, but I guess you're (rightly) unlikely to allow that.

As said above, plus, there is a useful bit of freeware called What's Running that will give you a full list to consider.

Quick thought I'm not massively au fait with viruses or bots, but would something like that show up in processes running in task manager or is that unlikely ??

I've recently downloaded something from the BBC iplayer, and also tried to access similar from ITV.
Why would that cause my machine to constantly upload data?

Uninstalling BBC iplayer seems to have done the trick.
I won't be downloading that again!!

I believe that the iPlayer by default acts as a server for other users.

Apparently, you can turn this off. Should be off by default IMO!

BBC iplayer

BBC, Channel 4 and Sky use a product called Kontiki to deliver content. It's a distributed delivery network (i.e. peer-to-peer, P2P). When you download a programme, it can come partially or entirely from a mix of seed servers, and other people such as yourself who already have part or the whole of the programme you're interested in. In other words, not only can you download programmes, but others can in turn download them from you. This is the outgoing traffic you see.

This reduces distribution costs for the BBC and moves them to ISPs whose users are accessing the content. In that sense, of course, it's no different to any other P2P network.

Unfortunately, Kontiki doesn't always play very nicely: by default, it tends to take all your available outgoing bandwidth, and it's got some issues with CPU time. Taking all your bandwidth, of course, is what gives others a good download experience, but it's as though the Kontiki default settings don't understand that, in general, outgoing bandwidth can less than one tenth of incoming bandwidth.

If you have a capped service which counts upload bytes as well as download bytes in your monthly limit, you could hit that limit in a day or so.

The obvious thing from a user perspective is to turn Kontiki off after downloading the programme (if you can). But this is against the spirit of the agreement you entered into when you installed the software.

For future reference ...

(1) On XP and above

netstat -o

will tell you which processes own the open connections. (On Win2k and earlier netstat will tell you what connections are open but there's no easy way to find out what processes are doing it.)

(2) A network sniffer of your choice (netmon, Ethereal/WireShark) will tell you what the traffic is.

But you don't want to spend very long on diagnosis - if your machine is sending data you don't expect there's a fair chance your machine is a bot and is spewing spam and viruses, or hosting a kiddie porn site, or something like that. You don't want to leave it very long before pulling the plug.