PUP.Patcherm is a potentially unwanted program (PUP) that typically masquerades as a legitimate software patcher or update utility while delivering intrusive advertisements, browser modifications, and unwanted system changes. First observed in late 2019, this deceptive application belongs to a family of adware-bundled utilities that promise to streamline software updates but instead monetize user systems through aggressive ad injection and data collection. While not technically a virus, PUP.Patcherm exhibits behavior that compromises system performance and user privacy in ways that warrant its removal.

PUP.Patcherm — cybersecurity illustration
Photo by cottonbro studio on Pexels

Many users encounter Patcherm bundled with freeware downloads from third-party sites, often installed silently alongside desired applications through pre-checked opt-in boxes buried in lengthy installation wizards. Once active, the program establishes persistence mechanisms that make it restart after attempted removals, frustrating users who discover their browsers suddenly filled with pop-ups, redirects, and sponsored search results. The software collects browsing data ostensibly for "improving user experience" but shares this information with advertising networks without meaningful user consent.

If you suspect PUP.Patcherm is on your computer right now: Disconnect from the internet immediately, then proceed to the Manual Removal section below. Do not enter passwords or financial information on this machine until the threat is removed and verified clean. If you're uncomfortable with technical steps or the infection persists after following our guide, call Computer Repair Roswell at (770) 954-1950 — we can typically handle these removals same-day.

Threat Profile

Threat Classification Potentially Unwanted Program (PUP) / Adware
Family Patcherm adware family
Known Aliases PUP.Optional.Patcherm, Adware.Patcherm, Win32/Patcherm
Platforms Affected Windows 7/8/8.1/10/11 (primarily 32-bit and 64-bit desktop systems)
First Documented Late 2019
Primary Distribution Software bundling, fake update prompts, freeware installers
Persistence Mechanisms Registry Run keys, scheduled tasks, browser extensions, service installations
Observed Capabilities Ad injection, browser hijacking, search redirection, data collection, installation of additional PUPs
Typical Installation Paths %PROGRAMFILES%\Patcherm, %APPDATA%\Patcherm, %LOCALAPPDATA%\[random GUID]
Registry Artifacts HKCU\Software\Patcherm, HKLM\Software\WOW6432Node\Patcherm, Run key entries
Network Behavior Connects to ad-serving domains, analytics endpoints; phone-home activity typical for adware family
Removal Difficulty Moderate (automated tools effective; manual removal requires registry editing and safe mode)

How It Spreads

PUP.Patcherm rarely arrives alone or through direct user choice. The overwhelming majority of infections occur when users download legitimate-looking software from unofficial sources — download portals that repackage popular freeware with bundled extras. During installation, the Patcherm component is presented in ways designed to ensure users accept it: pre-checked boxes labeled with confusing double-negatives, "Recommended" installation options that include it by default, or rapid-fire installation screens that discourage careful reading.

A secondary distribution vector involves fake software update notifications displayed while browsing compromised or ad-heavy websites. These pop-ups mimic Windows system messages or warnings from popular programs like Adobe Flash Player (now discontinued but still exploited in social engineering). Clicking "Update Now" triggers a download that installs Patcherm rather than any legitimate update. The program's name itself — suggesting a "patcher" utility — exploits users' desire to keep software current and secure.

Common distribution methods include:

  • Bundled freeware installers from sites like Softonic, download.com clones, and torrent bundles that wrap PUPs around desirable software
  • Fake update prompts on websites claiming your Flash Player, Java, or video codecs are outdated
  • Malvertising campaigns where legitimate ad networks unknowingly serve malicious ads that redirect to Patcherm installers
  • Email attachments disguised as software utilities or system optimizers, particularly in "Your PC needs updating" phishing campaigns
  • Pay-per-install networks where affiliates earn commissions by tricking users into installing PUPs through any means necessary
  • Repackaged portable apps distributed on file-sharing sites with Patcherm components injected into otherwise-clean software archives

What It Does On Your Machine

Once installed, PUP.Patcherm immediately establishes multiple persistence points to ensure it survives reboots and casual removal attempts. The program creates scheduled tasks that reinstall components if deleted, adds registry entries that launch helper processes at startup, and may install browser extensions across Chrome, Firefox, and Edge. Users typically first notice the infection when their default search engine changes without permission, their new tab page redirects to an unfamiliar search portal, or pop-up advertisements appear on websites that normally don't display ads.

The core function of Patcherm centers on advertising revenue generation. The program injects JavaScript into web pages as they load, inserting banner ads, pop-unders, and in-text advertising links into content. Search queries get redirected through affiliate networks that credit Patcherm's operators for each click, and product searches may trigger comparison shopping overlays designed to earn referral commissions. This activity consumes bandwidth, slows page loading, and creates a degraded browsing experience where sponsored content overshadows legitimate results.

Beyond advertisements, Patcherm engages in data collection that raises privacy concerns. The program monitors browsing history, search queries, frequently visited domains, and clicked links — information packaged and transmitted to remote servers ostensibly for ad targeting but potentially sold to data brokers. While not stealing passwords or financial data in the manner of banking trojans, this surveillance activity occurs without informed consent and persists invisibly in the background. Some variants additionally install toolbars, browser helper objects, or companion PUPs that compound the privacy invasion.

Typical PUP.Patcherm filesystem and registry artifacts:
C:\Program Files (x86)\Patcherm\ PatchermService.exe # Main service executable uninstall.exe # Often non-functional or incomplete config.dat # Configuration data for ad networks C:\Users\[Username]\AppData\Roaming\Patcherm\ user_data.db # Collected browsing data C:\Users\[Username]\AppData\Local\Temp\ ptch_[random].tmp # Temporary installer remnants Registry Keys (common): HKCU\Software\Microsoft\Windows\CurrentVersion\Run Patcherm UpdaterC:\Program Files (x86)\Patcherm\PatchermService.exe HKLM\SOFTWARE\WOW6432Node\Patcherm # Installation metadata and configuration HKCU\Software\Patcherm InstallDate, UserID, AffiliateID # Tracking identifiers Scheduled Tasks: \Microsoft\Windows\Patcherm Update Task Triggers: At logon, Daily at 3:00 AM

System performance degradation represents another common symptom. The constant ad injection, data collection, and network communication consume CPU cycles and memory that would otherwise support legitimate applications. Users report browsers becoming sluggish, startup times increasing, and occasional system freezes when multiple Patcherm processes compete for resources. In severe cases where the PUP has installed additional unwanted software, machines become nearly unusable until thorough cleaning restores normal operation.

Manual Removal — Step by Step

01

Disconnect from the Internet

Unplug your Ethernet cable or disable Wi-Fi to prevent Patcherm from downloading additional components or uploading collected data during the removal process. This also stops any re-infection attempts that might occur if compromised browser extensions try to reinstall the program from remote servers.

02

Boot Into Safe Mode with Networking

Restart your computer and press F8 repeatedly during boot (or Shift+Restart from Windows 10/11, then Troubleshoot > Advanced > Startup Settings > Restart > press 5 for Safe Mode with Networking). Safe Mode loads only essential drivers and prevents Patcherm's scheduled tasks and startup entries from launching, making the infection easier to remove.

03

Uninstall Patcherm Through Control Panel

Open Control Panel > Programs and Features (or Settings > Apps on Windows 10/11), then scroll through the installed programs list looking for "Patcherm," "Patcherm Updater," or any unfamiliar entries installed around the time symptoms began. Select the entry and click Uninstall. Note that the built-in uninstaller often leaves remnants behind deliberately, so subsequent steps remain necessary even if this appears successful.

04

Delete Patcherm Folders Manually

Open File Explorer and navigate to C:\Program Files (x86)\Patcherm and C:\Users\[YourUsername]\AppData\Roaming\Patcherm (you may need to enable "Show hidden files" in View options). Delete these entire folders. Also check %LOCALAPPDATA% for any folders with GUIDs or random names created on the infection date. If Windows prevents deletion claiming files are in use, verify you're in Safe Mode and try again.

05

Clean Registry Entries

Press Win+R, type regedit, and press Enter. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and look for any entry named "Patcherm" or pointing to Patcherm executables — delete these entries. Then check HKEY_CURRENT_USER\Software\Patcherm and HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Patcherm, deleting the entire Patcherm keys if present. Be careful in the registry; only delete keys you're certain relate to this infection.

06

Remove Scheduled Tasks

Open Task Scheduler (search for it in the Start menu), expand Task Scheduler Library in the left pane, and look for tasks named "Patcherm Update" or similar. Right-click suspicious tasks and select Delete. Pay attention to tasks pointing to executable paths you deleted in step 4 — those definitely need removal.

07

Reset Browser Settings and Remove Extensions

In Chrome, go to Settings > Reset and clean up > Restore settings to their original defaults. In Firefox, type about:support in the address bar and click "Refresh Firefox." In Edge, go to Settings > Reset settings > Restore settings to their default values. Before resetting, manually check Extensions/Add-ons for anything unfamiliar and remove it. This step eliminates browser hijacking components that survive program uninstallation.

08

Scan with Malwarebytes or Reputable Anti-Malware

Download Malwarebytes Free (from malwarebytes.com — avoid impostor sites) and run a full system scan. Malwarebytes excels at detecting PUPs and adware that traditional antivirus programs sometimes miss. Let it quarantine everything it finds, then restart your computer. Alternatively, use AdwCleaner (also from Malwarebytes) which specializes in adware removal.

09

Verify Hosts File and DNS Settings

Some PUP variants modify the Windows hosts file or DNS settings to maintain control. Open C:\Windows\System32\drivers\etc\hosts in Notepad (run as Administrator) and delete any lines below the standard localhost entries. Then open Network Connections, right-click your active adapter, choose Properties > Internet Protocol Version 4 > Properties, and ensure DNS is set to "Obtain DNS server address automatically" unless you specifically use custom DNS like Google's 8.8.8.8.

10

Reboot Normally and Confirm Removal

Restart your computer into normal mode and reconnect to the internet. Open your browser and verify that ads have returned to normal levels, your search engine is what you set it to, and no unexpected redirects occur. Check Task Manager (Ctrl+Shift+Esc) for suspicious processes. If symptoms persist, the infection may have installed additional PUPs requiring their own removal, or remnants remain that need professional attention.

Prevention

  1. Download software only from official sources. Get programs directly from the developer's website, never from third-party download portals like Softonic, CNET Download clones, or torrent sites that bundle PUPs with otherwise-legitimate software.
  2. Choose Custom/Advanced installation every time. Never click through installers using Express or Recommended settings. Custom installation reveals bundled offers you can deselect. Read each screen carefully and uncheck any pre-selected boxes for browser toolbars, system utilities, or "recommended" extras you didn't specifically seek.
  3. Keep a reputable ad-blocker active. Browser extensions like uBlock Origin block malvertising that leads to PUP infections. They prevent the fake "Your Flash Player needs updating" pop-ups that trick users into downloading Patcherm and similar threats.
  4. Maintain updated security software. While traditional antivirus sometimes misses PUPs classified as "potentially" unwanted rather than outright malicious, modern security suites increasingly detect and block them. Enable real-time protection and keep definitions current.
  5. Ignore scare-tactic pop-ups claiming your PC is infected. Legitimate software doesn't announce problems through browser pop-ups. If a website claims you have viruses or need immediate updates, close the page without clicking anything. Use Task Manager to force-close the browser if the pop-up won't dismiss.
  6. Review installed programs monthly. Open Programs and Features periodically and uninstall anything you don't recognize or no longer use. Catching PUPs early, before they establish deep persistence, makes removal much simpler.
  7. Create a non-administrator account for daily use. Running Windows with standard user privileges prevents software — including PUPs — from making system-wide changes without your explicit permission through UAC prompts. Reserve your administrator account for deliberate software installations.
  8. Be skeptical of software that promises to "optimize" or "clean" your PC for free. Many system optimizers, registry cleaners, and driver updaters are themselves PUPs that create problems rather than solving them. Windows 10/11 include sufficient built-in maintenance tools for most users.
Our 90-Day Warranty: When Computer Repair Roswell removes malware from your system, we guarantee it stays gone. If any infection we've treated returns within 90 days, bring your machine back and we'll re-clean it at no additional charge. We stand behind our work because we take the time to eliminate threats completely — not just suppress symptoms.

Bring It In

If you've followed the steps above and still encounter redirects, pop-ups, or suspicious behavior — or if you simply don't feel comfortable editing the registry and hunting through system folders — Computer Repair Roswell is here to help. We handle PUP removals like Patcherm daily, and our technicians have the tools and experience to root out even persistent infections that resist standard removal attempts. Most adware cleanings take under an hour, meaning you can often drop off your machine in the morning and pick it up the same afternoon running clean and fast.

Beyond just removing the immediate threat, we'll check for the secondary PUPs that often accompany infections like Patcherm, verify your system security settings are properly configured, and ensure no data was compromised during the infection period. We're located in Roswell, Georgia, and you can reach us at (770) 954-1950 during business hours. We offer transparent pricing with no surprise charges — call for a quote, or just bring your machine by. Getting your computer back to normal shouldn't be a frustrating, day-long ordeal, and with professional help, it doesn't have to be.