In the wild, we have observed TrojanDownloader:JS/Adodb.F being downloaded by Microsoft Help and Support Center exploit Exploit:Win32/CVE-2010-1885.A.
Downloads and executes arbitrary files
TrojanDownloader:JS/Adodb.F contacts the following domain in order to download arbitrary files:
The malware then saves the downloaded files to the following location:
Note: %USERPROFILE% refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the User Profile folder for Windows 2000 and NT is C:\Documents and Settings\<user> or C:\Users\<user>; and for XP, Vista, and 7 is C:\Users\<user name>.
Analysis by Rodel Finones
Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptom(s).