DRO Question


Rainwalker
January 1st, 2009, 12:31 PM
Lately I have been seeing a lot of DRO popups from my HIPS program. This is something I have not seen before. I am on a standalone computer. Should I be concerned?

Rainwalker
January 2nd, 2009, 07:24 AM
Someone please.

stapp
January 2nd, 2009, 07:29 AM
What does DRO stand for?

Rainwalker
January 2nd, 2009, 07:46 AM
-{ Quote: "What does DRO stand for?" }-

Excellent question, stapp... haven't a clue, and since you are just as much in the dark I won't be allowing it anytime soon.

Malware scans are showing nothing.

stapp
January 2nd, 2009, 08:00 AM
Could it be connected with torrent file downloads perhaps?

Rainwalker
January 2nd, 2009, 08:05 AM
-{ Quote: "Could it be connected with torrent file downloads perhaps?" }-
Don't use them.

stapp
January 2nd, 2009, 08:18 AM
Which HIPS program are you using?

Perhaps contacting the software's forum may help.

stapp
January 2nd, 2009, 08:27 AM
Also see here

http://pcsupport.about.com/od/fileextensions/f/drofile.htm

Rainwalker
January 2nd, 2009, 09:35 AM
-{ Quote: "Also see here

http://pcsupport.about.com/od/fileextensions/f/drofile.htm" }-
Good find... I am still lost, but feeling even better about not allowing access. :)

ThunderZ
January 2nd, 2009, 09:46 AM
Now you have me curious. Have you done a search of your HDD for the .DRO extension? Have you attempted to open it in Notepad? I am no coder and do not know your level of experience, but at least you may find a program name\reference buried in it.

Rainwalker
January 2nd, 2009, 09:54 AM
-{ Quote: "Now you have me curious. Have you done a search of your HDD for the .DRO extension? Have you attempted to open it in Notepad? I am no coder and do not know your level of experience, but at least you may find a program name\reference buried in it." }-

Not so sure it is an extension... and adding more confusion... http://acronyms.thefreedictionary.com/Direct+Readout

ThunderZ
January 2nd, 2009, 09:58 AM
Found much of the same myself when I did a Google. Is it inbound or outbound? Doing an HDD search with hidden and protected files showing would not hurt.

The plot thickens. :lurking:

stapp
January 2nd, 2009, 11:59 AM
Can you post a screenshot of the popup from your HIPS program and also say which program it is that you use?

Rainwalker
January 2nd, 2009, 12:58 PM
-{ Quote: "Found much of the same myself when I did a Google. Is it inbound or outbound? Doing an HDD search with hidden and protected files showing would not hurt.

The plot thickens. :lurking:" }-

As I recall I saw no networking attempts. It wanted to work with the HD. I am still looking into this.

midway40
January 2nd, 2009, 01:29 PM
After wading through DRO references of wacky weed and robotics, the only thing I saw that might make sense is this (http://delphi.about.com/od/beginners/a/aa032800a_2.htm). There might be a program written in Delphi that is causing it.

Rainwalker
January 2nd, 2009, 01:43 PM
-{ Quote: "After wading through DRO references of wacky weed and robotics, the only thing I saw that might make sense is this (http://delphi.about.com/od/beginners/a/aa032800a_2.htm). There might be a program written in Delphi that is causing it." }-
OK...Thanks midway40.

pandlouk
January 2nd, 2009, 02:04 PM
Probably stands for Data Request Output.
It is related to I/O operations and, if I am not mistaken, happens when Windows fails to communicate with a device (device timeout).

Does it happen when you transfer files to an external hard disk?


Panagiotis

Rainwalker
January 2nd, 2009, 02:41 PM
-{ Quote: "Probably stands for Data Request Output.
It is related to I/O operations and, if I am not mistaken, happens when Windows fails to communicate with a device (device timeout).

Does it happen when you transfer files to an external hard disk?


Panagiotis" }-

One example would be:
Provider Host/Process/wmiprivse.exe
Device: DRO

midway40
January 2nd, 2009, 03:12 PM
Has your computer been acting strangely lately other than the DRO popups? If it has then running CHKDSK C: /R in the command window might stop the DRO errors.

Rainwalker
January 3rd, 2009, 02:41 PM
-{ Quote: "Has your computer been acting strangely lately other than the DRO popups? If it has then running CHKDSK C: /R in the command window might stop the DRO errors." }-

I ran a checkdisk just for the heck of it.....but still getting requests.....strange.

midway40
January 3rd, 2009, 08:24 PM
That is strange, I don't know what else it could be. Heck, I might be having them and don't know it, lol.

A real mystery there :lurking:

stapp
January 4th, 2009, 02:42 AM
Another strange DRO Google result here

A PC Program to view the DRO Printer Output
There is a program supplied with Windows (95,98,NT,ME etc) called HyperTerminal (Hypertrm.exe). It displays the output of
the printer from the DRO on the screen as it would appear on a printer.
To see if you have it installed click the Start Button and look under
Programs > Accessories > Communications
If you see a folder marked HyperTerminal then you have this software installed. If not, install it from the Windows CD.


From here

http://74.125.77.132/search?q=cache:NHvvH3BFztkJ:www.solartronmetrology.com/support/application_notes/502387_3.pdf+printer+with+dro&hl=en&ct=clnk&cd=3&client=opera

Rainwalker
January 4th, 2009, 07:13 AM
-{ Quote: "Another strange DRO Google result here

A PC Program to view the DRO Printer Output
There is a program supplied with Windows (95,98,NT,ME etc) called HyperTerminal (Hypertrm.exe). It displays the output of
the printer from the DRO on the screen as it would appear on a printer.
To see if you have it installed click the Start Button and look under
Programs > Accessories > Communications
If you see a folder marked HyperTerminal then you have this software installed. If not, install it from the Windows CD.


From here

http://74.125.77.132/search?q=cache:NHvvH3BFztkJ:www.solartronmetrology.com/support/application_notes/502387_3.pdf+printer+with+dro&hl=en&ct=clnk&cd=3&client=opera" }-

Hello stapp... not in Vista.

Rainwalker
January 4th, 2009, 07:15 AM
-{ Quote: "That is strange, I don't know what else it could be. Heck, I might be having them and don't know it, lol.

A real mystery there :lurking:" }-

I would think you would see something if you're using a HIPS. It is indeed a mystery... thus far.

pandlouk
January 5th, 2009, 07:12 AM
-{ Quote: "One example would be:
Provider Host/Process/wmiprivse.exe
Device: DRO" }-
- What is "wmiprivse.exe"? Does it come with a printer, scanner or another device software?

- What HIPS are you using? DRO is not malicious. If you see it often it could mean that your HIPS interferes with a device controller (probably USB) and causes timeouts, which can lead to errors with data transmission to/from the device. (One of the reasons I ditched Comodo Defense+ was this.)

Panagiotis

Dark Star 72
January 5th, 2009, 07:27 AM
Wmiprvse - WMIPrvSe.exe

(Microsoft) Windows Management Instrumentation Provider Service first introduced in Windows XP, and then in Windows 2003. WMIPRVSE is a host process for WMI provider services. It is a new Windows architecture intended to eliminate the previous problems in Windows 2000 where the failure of a WMI provider service would make the whole WMI service fail as, then, WMI provider services were loaded in-process with the WMI Service (a new request to WMI would restart the WMI Service). With the new WMIPRVSE model, failure of a single WMI provider service affects that service only rather than the entire WMI Service. For the layman: this is an essential Windows XP/2003 service which will start whenever a specific piece of software requires its facilities.

Recommendation:
Essential – leave alone. Note that, as with SVCHOST, there may be more than one instance of WMIPRVSE running in your Task List: this is normal. Also, some users will never have witnessed the WMIPRVSE service running on their Windows XP/2003 PC, and then notice it running one day and every day thereafter: this is also normal and will in most cases be the result of some software having been installed (and installing WMI provider services) or the result of a Windows Update. Finally, as with SVCHOST, if you experience errors or excess CPU usage with WMIPRVSE, the problem will in almost all cases be with the WMI provider process that WMIPRVSE is hosting, not with WMIPRVSE itself, or you may have a hardware problem or incompatibility which is not yet at the "serious" stage – see if Microsoft’s Windows Update has WMI related fixes for your PC/Server; also, on a network, we have empirical evidence that poor network card drivers or chipsets on any part of the network may result in excessive CPU usage by WMIPRVSE.

Rainwalker
January 5th, 2009, 08:17 AM
-{ Quote: "- What is "wmiprivse.exe"? Does it come with a printer, scanner or another device software?

- What HIPS are you using? DRO is not malicious. If you see it often it could mean that your HIPS interferes with a device controller (probably USB) and causes timeouts, which can lead to errors with data transmission to/from the device. (One of the reasons I ditched Comodo Defense+ was this.)

Panagiotis" }-

Hello pandlouk... you now know what wmiprivse.exe is. Where did you get the info on DRO?

3x0gR13N
January 5th, 2009, 09:10 AM
Low level disk access perhaps?
Example:
205253
A screenshot of the popup you're getting would be helpful. :) And it's quite normal that it happens for system processes and some applications.

pandlouk
January 5th, 2009, 09:16 AM
-{ Quote: "Wmiprvse - WMIPrvSe.exe

(Microsoft) Windows Management Instrumentation Provider Service
....." }-
wmiprivse.exe is not the management instrumentation service provider;
wmiprvse.exe is.
-{ Quote: "Hello pandlouk... you now know what wmiprivse.exe is. Where did you get the info on DRO?" }-
I know about WMIP and I can assure you that no OS of Microsoft ships with the executable wmiprivse.exe.

There are some articles on university sites about DRO. If my memory does not fail me IBM also has some articles about DRO and I/O operations in their knowledge base.

edit: It could be malicious
http://spywarefiles.prevx.com/RRHHDA44647478/WMIPRIVSE.EXE.html
http://analysis.avira.com/samples/details.php?uniqueid=9Y9A6MB1Fx0qLSxLLNvStzX17U86qjOn&incidentid=98355

Panagiotis
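
The distinction drawn in the post above (wmiprivse.exe versus the genuine wmiprvse.exe) can be checked mechanically. The following is an added example, not part of the thread: it flags image names within a small edit distance of a known Windows process name, and known names running from an unexpected folder. The allowlist, its default-install paths, and the sample paths in the usage are assumptions constructed for illustration.

```python
import ntpath

# Assumption: a short allowlist of genuine process names and the folder each
# is expected to run from on a default install to C:. Extend for real use.
KNOWN = {
    "wmiprvse.exe": r"c:\windows\system32\wbem",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify(image_path, max_distance=2):
    """Return (verdict, matched_known_name) for one process image path."""
    # normcase lowercases and unifies separators, so comparison is
    # case-insensitive, as Windows file names are.
    folder, name = ntpath.split(ntpath.normcase(image_path))
    if name in KNOWN:
        return ("ok" if folder == KNOWN[name] else "wrong-path", name)
    # Not an exact match: find the closest known name.
    closest = min(KNOWN, key=lambda good: edit_distance(name, good))
    if edit_distance(name, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample paths, not taken from any real system.
    for p in (r"C:\Windows\System32\wbem\WmiPrvSE.exe",
              r"C:\Windows\System32\wmiprivse.exe",
              r"C:\Users\Public\wmiprvse.exe",
              r"C:\Windows\System32\scvhost.exe"):
        print(p, "->", classify(p))
```

A "lookalike" or "wrong-path" verdict is a prompt to inspect the file (signature, hash, origin), not proof of malware; as the thread shows, a name typed by hand into a report can produce the same near-miss.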

Rainwalker
January 5th, 2009, 10:35 AM
-{ Quote: "wmiprivse.exe is not the management instrumentation service provider;
wmiprvse.exe is.

I know about WMIP and I can assure you that no OS of Microsoft ships with the executable wmiprivse.exe.

There are some articles on university sites about DRO. If my memory does not fail me IBM also has some articles about DRO and I/O operations in their knowledge base.

edit: It could be malicious
http://spywarefiles.prevx.com/RRHHDA44647478/WMIPRIVSE.EXE.html
http://analysis.avira.com/samples/details.php?uniqueid=9Y9A6MB1Fx0qLSxLLNvStzX17U86qjOn&incidentid=98355

Panagiotis" }-

Thank you... malware scans have not found it so I must have typoed.

Rainwalker
January 7th, 2009, 07:41 AM
-{ Quote: "Low level disk access perhaps?
Example:
205253
A screenshot of the popup you're getting would be helpful. :) And it's quite normal that it happens for system processes and some applications." }-

Good find... thanks 3x0gR13N.