Troj/AdClick-BM is a Trojan which attempts to install a stealthing component and download configuration data from a remote server to display further pop-ups.
When the application is installed the following files are created:
idemlog.exe
idesk.conf
<Windows>\system32\drivers\zpmodemnt.sys
The file zpmodemnt.sys is a stealthing component registered as a new service named "ZPMODEMSYSNTDRVNT", with a display name of "ZPMODEMSYSNTDRVNT". Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\ZPMODEMSYSNTDRVNT\
Troj/AdClick-BM will create a auto-start registry entry at:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Desktop