I am using Windows 7 and, most probably from installing an app named Nastaveni.XviD, got this error of explorer eating up a lot of network, a few GBs per day.
This app is not visible in the installed applications, and when running System Restore it also does not show in the list of programs that will be removed by restoration to a previous restore point.
However, in the Windows search box it shows up on typing its name. The file location is shown as the rundll32.exe file in the C:/Windows/System32 folder.
For Nastaveni.XviD, the properties from the Windows search box on right click show it as having the target: C:\Windows\System32\rundll32.exe xvid.ax,Configure
Maybe it is a portable app (which I understand as something that does not have a registry entry). It seems like a superb virus to me.
I tried all tools, and stopped the Windows Update & Windows Search services also. For some time (30 mins approx.) it worked, then I do not know how it all started again. I then resorted to a trial version of NetBalancer to at least stop from being network bandwidth for the month. To compensate for the lack of detailed information in NetPlanner, I saw in TCPView that explorer was basically communicating (as an Established connection) on two addresses, with remote and local addresses as below:
Local address: some mac address starting with 2406
Remote address: some mac address starting with 64
I am perplexed, dead with trying all options, and wonder how NetPlanner is so easily able to stop explorer from making any TCP connection, when I have simply failed.
I also worry if NetPlanner will fail after a few days, if Nastaveni.XviD is a virus. I have no antivirus and run Windows Defender only. I am thinking of what to do in future without formatting my machine ever.