Updated on: September 15, 2024
Short on time? Here’s how to quickly check if a PDF file is malicious:
- Install reliable antivirus software. To start, you’ll need a quality antivirus program (like Norton). Once you’ve found an antivirus that works for you, install it on your device like a regular app or program.
- Run a malware scan. Once the antivirus is installed, scan the file you suspect has malware, or the whole system if the infection has spread. Let the scanner do its job and don’t attempt to tamper with files during the scan.
- Remove the malware from your device. After the scan is done, it will quarantine and remove the infected files for you. Double-check to make sure it isn’t removing any files you want to keep, but in general, it’s best to get rid of any file it flags as a threat. Uninstall any applications or extensions that gave you the malware.
- Double-check by restarting and running a full scan. After removing the malware, restart your PC and run a full system scan to make sure that nothing is lingering on your device.
PDFs can unfortunately be home to many different types of malware. Once you’ve downloaded a malware-infested PDF, either through a phishing scam, a website, shared media files, or any other method, the malware can infect your whole device, potentially even destroying it.
Luckily, finding out if a PDF file is malware-ridden is quite easy. On top of basic tips and tricks, such as avoiding suspicious websites, learning how to spot a phishing scam, and not trusting “free” PDFs you’d normally need to pay for, a good antivirus can scan and remove any malware buried in your files.
Norton is my favorite antivirus for removing malware from PDFs in 2024. It has a flawless malware scanner, real-time protection to prevent future infections, an unlimited-data VPN to protect your privacy, a smart firewall to block network threats, and a lot more. That said, there are plenty of antiviruses that can beat malware hidden in a PDF file.
How to Know if a PDF File Is Infected With Malware
The most effective way is to run a malware scan, especially one that combines a massive database of known viruses with artificial intelligence, but you can sometimes tell if a PDF is infected by analyzing the file or source of the PDF.
By enabling extensions, you can see if a “PDF” is actually a .exe file or something else. By analyzing the size of the file, you might see a particularly large file size, indicating something else is inside the PDF. And if you got the PDF from an email, investigate the email itself. If it wasn’t sent by a trustworthy source, don’t open it — scan it instead.
If you’re having any suspicions at all, don’t open the file until you’ve used an antivirus to provide you with a concrete answer.
How to Detect & Remove Malicious PDF Files (Step-By-Step Guide)
If you believe one of your PDF files is infected, the most important step is to scan it with an antivirus. Even if you have a lifetime of experience with computers and cybersecurity, attempting to tamper with the malware yourself could make the problem much worse. While I recommend Norton’s flawless scanner, any of our top antiviruses will work.
Depending on the severity of the threat, you may need to run your device in Safe Mode (though this usually isn’t the case.) Each platform and device has its own way of booting into Safe Mode, but it typically requires you to hold down specific keys while booting up or restarting your device.
Step 1. Install Reliable Antivirus Software
Find an antivirus with a reliable malware scanner that’s from a reputable company. Ideally, go with a premium product like Norton or Bitdefender, both of which have engines powerful enough to detect and remove 100% of the malware hidden in PDF files.
Once you’ve purchased your antivirus, install it on your PC or phone like any other application and log into your account. If you’re on a computer, simply download the program from the website and let the installation wizard do the rest. If you’re on a mobile device, download it from the App Store or Google Play Store.
Step 2. Run a Malware Scan
Once you’ve installed your antivirus, scan the PDFs you believe are infected. Every premium antivirus on my list lets you run a quick scan, a full scan, or custom scans of individual files. Choose the third option, then click File Scan and navigate to the files you want to be checked. Finally, click Scan.
If the PDF has already been opened and you suspect your whole device is infected, run a full scan by clicking the Full Scan option included in all my top antiviruses. This may take upwards of an hour, but each file on your device will be meticulously checked for malware.
If the malware is particularly threatening and has “bricked” your device, restart your computer or phone in Safe Mode (each platform has a unique way of doing this) and perform steps 2-4.
Step 3. Remove the Malware From Your Device
Once the scan is complete, you’ll be shown a report detailing any malware the antivirus found. At this point, the antivirus will quarantine the infected PDF (or other files) and give you the option to remove it. While you should double-check to make sure that any files you want aren’t being deleted, it’s usually best to let the antivirus do its job and remove suspicious files.
Additionally, you should uninstall any applications or software installed by the malware. As an example, If you’re on Windows 11, click on the Start button and navigate to the Control Panel. Click on Uninstall a Program, and remove any malicious apps.
Step 4. Double-Check by Restarting and Running a Full Scan
Once you’ve removed the bad PDF file, restart your device and run one more full scan. Some infections can be particularly nasty or may have spread to other parts of your device. By restarting your device and running one last full scan, you can be certain the malware is gone.
Best Antiviruses for Protecting Against PDF Viruses in 2024
Quick summary of the best antiviruses for protecting against PDF viruses:
- 🥇 1. Norton — Best antivirus to protect against PDF viruses & other malware.
- 🥈 2. Bitdefender — Feature-rich antivirus with great ransomware protection.
- 🥉 3. TotalAV — Beginner-friendly antivirus with a decent ad blocker.
Can Free Antivirus Software Detect & Remove Malicious PDFs?
Some can, but frankly, a free antivirus will never be as good as a premium one. While there are free antiviruses that I like, they usually come with quite a few drawbacks. Free antiviruses from unreliable sources are often scams or carry hidden malware, and even the best free antiviruses (like TotalAV’s free plan) are missing a lot of features you need to be completely protected.
A free antivirus may be able to wipe out most malware hidden in PDFs, but premium antiviruses like Norton and Bitdefender include features like real-time protection to stop zero-day threats, anti-phishing protection, firewalls to protect your network, and VPNs to shield your identity.
How Do Infected PDF Files Get Onto Your System?
- Phishing scams. This common method involves a threat actor sending an email that entices the recipient into opening an attached PDF. Once someone opens the infected PDF, it can infect their device almost immediately.
- Downloaded from the internet. Another very common method is simply downloading a malicious PDF file online. Often, scammers will present attractive-looking free PDFs (like popular books) to convince people to download them.
- Shared through networks. Once one device on a network gets infected, particularly savvy threat actors can spread that malware through every device on the network, potentially crippling a whole household or business via a single PDF.
- Inserted through shared media. Infected PDF files can also be spread through USB drives or other removable media. If an infected PDF is on a drive, and the drive is inserted into a new system, the infection can spread if the PDF is opened.
How Can a PDF Be Infected?
There are numerous ways that hackers can infect PDF files, all of them dangerous. Here are a few of the most common ways cybercriminals insert malware into PDFs.
- Hidden malware. It’s relatively easy to store encrypted or embedded objects (like media players or flash files) in a PDF that can slip past basic antivirus software. Usually, things like free PDF books or magazines or phishing scams carry this type of threat. As soon as you open the file, it deploys. Premium antiviruses like the ones on this list tend to be better at detecting this sort of malware.
- Malicious JavaScript code. Since most websites employ some kind of JavaScript, hackers can infect PDFs with questionable lines of JavaScript. These scripts can be used for all sorts of malicious purposes. For this reason, you should always be very wary about downloading PDFs from unknown websites.
- Abuse of System Commands. Once you open the PDF, it could use your System Commands to launch more malware. Essentially, hackers can open your Command window and use that to execute commands to initiate the malware.
What Can Happen if You Have a Malicious PDF on Your Device?
Leaving a malicious PDF file on your device can have far-reaching consequences. Your data could be exfiltrated, encrypted, and ransomed right under your nose. The malware could infect all of your files, destroying your device. You could be allowing threat actors to make subtle changes to your database, you could be used to mine crypto for them, and so much more.
There are simply dozens of ways that leaving a malicious file on your PC could go wrong — so it’s imperative that you get rid of the file immediately. Use an antivirus program to scan the file (and your whole device), then quarantine or remove the malware. Chances are the PDF may have to go as well, and if that’s the case, you should prioritize your safety over the PDF file.
Best Ways to Prevent Virus-Infected PDFs From Getting Onto Your System
- Choose a trusted PDF reader and keep it up-to-date. Use reliable PDF reading software products like Adobe Acrobat Reader, Foxit Reader, and Nitro Reader — they have great reputations and prioritize users’ security. Conversely, using untrustworthy programs leaves you at high risk of infection.
- Install a trustworthy antivirus program. Even if you do everything right, you can still get malware from a faulty PDF file. That’s why you need an antivirus’s malware scanner to detect and remove it for you, with real-time protection to stop it from happening in the future.
- Be wary of unknown websites, links, and sources. Good antiviruses will include web protection that prevents you from visiting malicious websites or downloading bad files, but you should still do your best to always avoid anything suspicious online.
- Verify email attachments and websites with your antivirus. Software like Norton and Bitdefender automatically scans email attachments and websites as you visit them, ensuring any dangerous PDFs are intercepted before they can cause harm.
- Enable file extensions. By enabling file extensions, you can see the extension of a file you download (ie .exe, .pdf, .doc, etc). Doing this will help you see when a “PDF” you’ve downloaded is actually a .exe file, waiting to infect your device with a nasty bug.
- Enable automatic security updates. Automatic security updates constantly patch bugs in software, meaning you can stay protected against the newest threats. Regardless of the platform or app, making sure automatic updates are turned on ensures the best protection against all kinds of malware.
Can PDF Viruses Infect Mobile Devices?
Yes, mobile devices (both Android and iOS) are susceptible to malware from PDFs. Unfortunately, all devices can fall victim to an infected PDF that when opened or downloaded launches malicious applications.
PDFs can contain viruses, trojans, hidden backdoors, or even ransomware that can completely encrypt your data while threat actors work to extort you before (maybe) giving you your data back.
Just like with a PC or tablet, it’s important to use a quality antivirus to scan the PDF first. You always have to make sure your files are safe. Also, avoid going to suspicious websites, downloading PDFs from unknown sources, or using fraudulent apps that give you free PDFs of popular books — be wary of every file you download.
Frequently Asked Questions
Are PDFs dangerous?
Usually PDFs are completely fine, but that doesn’t mean they always are. PDFs from unfamiliar websites, suspicious links, or pirated versions of PDFs you normally can’t access (like free books, free documents, or reports) can be riddled with malware just like any other file.
If your device gets infected because of a malicious PDF file, the first thing you should do is avoid contacting the hackers. They may try to steal your data and encourage you to pay them. Then, install good antivirus software and let it remove the malware from your device.
How do I remove malware from a PDF?
The easiest solution is to use a good antivirus. Sure, each virus could theoretically be removed through painstaking and tedious manual processes, but an antivirus scans your selected files and automatically quarantines or removes any malware that’s infecting your PDFs.
On top of removing malware, antiviruses like Norton and Bitdefender also provide you with real-time protection against intrusive viruses. Plus, they offer a host of other cybersecurity tools like a VPN, web protection, dark web monitoring, PC optimization tools, a network firewall to prevent intrusions, and a lot more.
What’s the best antivirus to remove malware from a PDF?
My favorite antivirus to remove malware from a PDF is Norton. Norton has a flawless malware scanner, which efficiently detected and removed 100% of every type of malware I tested, including viruses, trojans, ransomware, and more. It also has excellent web protection, ensuring you don’t stumble across a malware-ridden PDF file online.
Bitdefender is a close second. Its cloud-based malware scanner doesn’t tax your system at all, and its malware detection rating is just as good as Norton’s. While I think Norton is just slightly better (it has the best dark web monitoring on the market, for example), Bitdefender is also a worthwhile investment.
What do I do if my PDF gave me malware?
Don’t fret — antiviruses will remove malware that’s already infecting your computer. If you downloaded an infected PDF that already injected itself into your device or network, simply run an antivirus like Norton (or any of our top picks) and allow it to quarantine and remove every type of malware it finds.
If your data has already been encrypted and stolen by ransomware, it may be trickier. Decrypting data often requires a decryption key, which may not always be available. While you can usually recover your data and beat malware easily, it’s incredibly important to have an antivirus with real-time protection, so your data is never encrypted and stolen in the first place.