You could try using tcpdump (it's a sniffer for unix, just like wireshark).
By the way, before it, you could firstly try to disable all the network services, then this box should stop sending data, otherwise yes it could be a virus/bot/whatever.
There are many ways to debug it, try these options. If you cannot solve it, then come back here and we'll help you.
But please, let us know what you did, in the case you got it solved.
This is an excellent tcpdump tutorial that might help you: