Tyler Cross
Updated on: January 4, 2024
Short on time? Here’s how to quickly check if a PDF file is malicious:
- Install reliable antivirus software. To start, you’ll need a quality antivirus program (like Norton). Once you’ve found an antivirus that works for you, install it on your device like a regular app or program.
- Run a malware scan. Once the antivirus is installed, scan the file you suspect has malware, or the whole system if the infection has spread. Let the scanner do its job and don’t attempt to tamper with files during the scan.
- Remove the malware from your device. After the scan is done, it will quarantine and remove the infected files for you. Double-check to make sure it isn’t removing any files you want to keep, but in general, it’s best to get rid of any file it flags as a threat. Uninstall any applications or extensions that gave you the malware.
- Double-check by restarting and running a full scan. After removing the malware, restart your PC and run a full system scan to make sure that nothing is lingering on your device.
PDFs can unfortunately be home to many different types of malware. Once you’ve downloaded a malware-infested PDF, either through a phishing scam, a website, shared media files, or any other method, the malware can infect your whole device, potentially even destroying it.
Luckily, finding out if a PDF file is malware-ridden is quite easy. On top of basic tips and tricks, such as avoiding suspicious websites, learning how to spot a phishing scam, and not trusting “free” PDFs you’d normally need to pay for, a good antivirus can scan and remove any malware buried in your files.
Norton is my favorite antivirus for removing malware from PDFs in 2024. It has a flawless malware scanner, real-time protection to prevent future infections, an unlimited-data VPN to protect your privacy, a smart firewall to block network threats, and a lot more. That said, there are plenty of antiviruses that can beat malware hidden in a PDF file.
How to Know if a PDF File Is Infected With Malware
The most effective way is to run a malware scan, especially one that combines a massive database of known viruses with artificial intelligence, but you can sometimes tell if a PDF is infected by analyzing the file or source of the PDF.
By enabling extensions, you can see if a “PDF” is actually a .exe file or something else. By analyzing the size of the file, you might see a particularly large file size, indicating something else is inside the PDF. And if you got the PDF from an email, investigate the email itself. If it wasn’t sent by a trustworthy source, don’t open it — scan it instead.
If you’re having any suspicions at all, don’t open the file until you’ve used an antivirus to provide you with a concrete answer.
How to Detect & Remove Malicious PDF Files (Step-By-Step Guide)
If you believe one of your PDF files is infected, the most important step is to scan it with an antivirus. Even if you have a lifetime of experience with computers and cybersecurity, attempting to tamper with the malware yourself could make the problem much worse. While I recommend Norton’s flawless scanner, any of our top antiviruses will work.
Depending on the severity of the threat, you may need to run your device in Safe Mode (though this usually isn’t the case.) Each platform and device has its own way of booting into Safe Mode, but it typically requires you to hold down specific keys while booting up or restarting your device.
Step 1. Install Reliable Antivirus Software
Find an antivirus with a reliable malware scanner that’s from a reputable company. Ideally, go with a premium product like Norton or Bitdefender, both of which have engines powerful enough to detect and remove 100% of the malware hidden in PDF files.
Once you’ve purchased your antivirus, install it on your PC or phone like any other application and log into your account. If you’re on a computer, simply download the program from the website and let the installation wizard do the rest. If you’re on a mobile device, download it from the App Store or Google Play Store.
Step 2. Run a Malware Scan
Once you’ve installed your antivirus, scan the PDFs you believe are infected. Every premium antivirus on my list lets you run a quick scan, a full scan, or custom scans of individual files. Choose the third option, then click File Scan and navigate to the files you want to be checked. Finally, click Scan.
If the PDF has already been opened and you suspect your whole device is infected, run a full scan by clicking the Full Scan option included in all my top antiviruses. This may take upwards of an hour, but each file on your device will be meticulously checked for malware.
If the malware is particularly threatening and has “bricked” your device, restart your computer or phone in Safe Mode (each platform has a unique way of doing this) and perform steps 2-4.
Step 3. Remove the Malware From Your Device
Once the scan is complete, you’ll be shown a report detailing any malware the antivirus found. At this point, the antivirus will quarantine the infected PDF (or other files) and give you the option to remove it. While you should double-check to make sure that any files you want aren’t being deleted, it’s usually best to let the antivirus do its job and remove suspicious files.
Additionally, you should uninstall any applications or software installed by the malware. As an example, If you’re on Windows 11, click on the Start button and navigate to the Control Panel. Click on Uninstall a Program, and remove any malicious apps.
Step 4. Double-Check by Restarting and Running a Full Scan
Once you’ve removed the bad PDF file, restart your device and run one more full scan. Some infections can be particularly nasty or may have spread to other parts of your device. By restarting your device and running one last full scan, you can be certain the malware is gone.
Best Antiviruses for Protecting Against PDF Viruses in 2024
Quick summary of the best antiviruses for protecting against PDF viruses:
- 🥇 1. Norton — Overall best antivirus for protecting against PDF viruses.
- 🥈 2. Bitdefender — Feature-rich antivirus with an excellent malware scanner.
- 🥉 3. TotalAV — Most easy-to-use antivirus.
- 4. McAfee — Reliable antivirus with great web protection.
- 5. Intego — Best for protecting against PDF viruses on Mac.
🥇1. Norton — Overall Best Antivirus for Protecting Against PDF Viruses
Approved by our experts
Norton is my favorite antivirus for blocking PDF viruses in 2024. I tested out all of its features and found that its malware scanner blocked 100% of my test malware, including malware-laced PDF files. It consistently beat Microsoft Defender’s protections and tied with my other top antiviruses.
I like how Norton scans inbound and outbound emails to ensure you won’t fall victim to phishing scams with malicious PDF attachments. It also blocks suspicious websites and links to prevent you from accessing them as well. Most of the time, infected PDF files come from online sources, so good web protection is one of the most effective ways to stay safe.
Norton also features a comprehensive suite of cybersecurity tools, including:
- Smart Firewall.
- VPN (unlimited data).
- Ransomware protection.
- Dark web monitoring.
- Webcam protection.
- Parental controls.
- And a lot more…
Norton’s Smart Firewall is especially good. I tried it out and it consistently blocked more network intrusions than the Windows Firewall. It’s also highly customizable, allowing you to set rules for every individual app on your PC. If you’ve downloaded a PDF with a virus, the smart firewall ensures it can’t spread across your network and damage all of your devices.
The real-time protection works wonders for stopping viruses from PDF files. After turning it on, I wasn’t able to get any of my malware-laced PDF samples past it. By using artificial intelligence to respond to new threats, it can even stop zero-day threats from damaging your device.
Norton has several plans to choose from, with the most basic one being Norton Antivirus Plus. It covers 1 device and includes real-time protection, a firewall, and a few other features for $19.99 / year*. There’s also Norton 360 Standard, which costs $39.99 / year* and adds an unlimited-data VPN, dark web monitoring, and webcam monitoring.
The highest-value plan in my opinion is Norton 360 Deluxe — it covers 5 devices and comes with great parental controls and privacy monitoring, plus all the features from Norton’s cheaper plans, for $49.99 / year*. Since Norton’s plans come with a generous 60-day money-back guarantee, you can take your time to make sure it works for you.
🥈2. Bitdefender — Feature-Rich With an Excellent Malware Scanner
Bitdefender’s cloud-based malware scanner uses an advanced engine — it combines a massive database of known antiviruses with heuristic analysis to combat all kinds of threats, including zero-day ones. The scanner is highly customizable, too — you can scan specific areas of your PC like PDF files, boot sectors, scripts, network shares, and more.
Bitdefender also includes a ton of extra features, like:
- Real-time protection.
- VPN (200 MB/daily).
- Password manager.
- Parental controls.
- Device optimizer.
- Ransomware protection.
- And even more…
Similarly to Norton, the real-time protection worked flawlessly. Every virus hidden inside PDF files (and all other types of files) was caught instantly after I turned it on. If you’re regularly downloading PDFs, Bitdefender will scan each of them while you download them to make sure they’re safe.
The web protection also worked great — It was able to prevent me from accessing most phishing sites I tried to access. Its ransomware protection is cutting-edge, too, able to prevent nearly every type of encryption process out there. Bitdefender even has decryption tools available for several known ransomware strains.
The VPN is very good, but it has a drawback. Unlike Norton’s VPN, Bitdefender’s is limited to 200 MB/day unless you have the most expensive plan. That said, it has a large server network and a proven no-logs policy, it’s good for streaming, and it’s one of the fastest antivirus-bundled VPNs out there.
Bitdefender has several plans to choose from, but the best value plan is Bitdefender Total Security. It covers up to 5 devices and comes with most of Bitdefender’s features (all but the unlimited-data VPN) for $49.99 / year. The unlimited-data VPN is available on Bitdefender’s most expensive Premium Security plan, which covers 10 devices and costs $79.99 / year.
All of Bitdefender’s plans come with a 30-day money-back guarantee, so you can try it out risk-free before deciding.
Read the full Bitdefender review
🥉3. TotalAV — Most Easy-To-Use Antivirus
TotalAV is the most beginner-friendly antivirus for protecting yourself from PDF viruses. It has a very intuitive interface and doesn’t attempt to bombard users with tons of information or a cluttered UI. That said, it still has a lot of advanced customization options. Because of that, I can recommend TotalAV whether you’re an expert or you’ve never used an antivirus before.
I was impressed with TotalAV’s malware scanner, which caught more than 99% of the malware samples I used. It combines a massive malware database with artificial intelligence to stay up-to-date with all types of threats, be it PDF viruses, ransomware, trojans, or other types of malware. It scored slightly lower than Norton and Bitdefender, but it’s still better than most antiviruses on the market.
TotalAV’s WebShield feature is great at blocking phishing scams and other online malware distributors. It’s available as a free extension and uses the best-known blacklist of dangerous websites to safeguard you online. It also lets you set up exemptions for websites of your choice, turn off automatic blocking for low-risk websites, and a lot more.
Where TotalAV falls short is that it lacks a firewall, parental controls, or cloud storage (all of which are included in Norton). Since threat actors can share infected files between devices using your network, a lack of a firewall stops it from being my top pick for protecting against PDF viruses.
That said, TotalAV still provides tons of value. It’s intuitive and powerful, and it has several plans to choose from, including a good entry-level Antivirus Pro plan ($19.00 / year), which covers 3 devices. My favorite plan is TotalAV Internet Security ($39.00 / year) — it covers 5 devices and comes with all of TotalAVs features, except the ad blocker and the password manager. All plans come backed by a risk-free 30-day money-back guarantee.
4. McAfee — Great Web Protection Against Online Threats
McAfee offers an advanced malware scanner that excels at detecting threats in PDF files. In my tests, it conducted a comprehensive analysis of the file structure of each PDF that I tested, identifying and neutralizing every embedded or hidden malicious virus within (which is a fancy way of saying it has a great scanner).
McAfee WebAdvisor (for Windows and Mac only) blocks phishing scams, exploit attacks, and browser-based cryptojackers. When I tested it out, it blocked significantly more exploits and phishing attempts than Chrome or Firefox’s native security, and was just as good as Norton and Bitdefender. It also scans emails and downloads to make sure nothing sneaks past.
McAfee also includes:
- A firewall.
- Password manager.
- Parental controls.
- Web protection.
- A VPN (unlimited data with automatic renewals turned on).
- And more…
McAfee’s VPN is backed by TunnelBear, the standalone VPN company. It’s fast and has a pretty large server network, a strict no-logs policy, and military-grade encryption. The biggest drawback is that it’s missing some advanced features that Norton and Bitdefender’s VPNs have (like split tunneling).
The starting Plus plan covers 5 devices and includes basic antivirus protection, a VPN, real-time protection, web protection, and a few other features for $39.99 / year. The Premium package includes parental controls and covers unlimited devices (making it great for families) for only $49.99 / year. All plans come with a 30-day money-back guarantee.
5. Intego — Best For Protecting Against PDF Viruses on Mac
Intego is by far the best antivirus for Mac. Unlike other antiviruses, which have fewer features on their Mac counterparts, Intego was built from the ground up to protect MacOS from all types of malware, including viruses hidden in PDF files. Even Norton and Bitdefender lack features on their Mac plans that Intego includes.
Intego’s security features are excellent. I tested it on malware samples hidden in PDF files, and it successfully blocked all of them. On top of an excellent malware scanner, the real-time protection also works great at preventing threats from ever getting on your device in the first place.
Intego offers a pretty good VPN, but it’s only available as a separate subscription. It’s faster than most antivirus-bundled VPNs (though it’s beaten by Norton and Bitdefender) and comes with a variety of security features like advanced encryption and a kill switch. The company also has a strict no-logs policy, so your data won’t be leaked.
Intego also enhances Mac’s native features with great system optimization tools, advanced system backup options, and a firewall that can prevent threat actors from using your network to install further malware onto your Mac.
The most basic plan is Mac Internet Security X9, which starts at $19.99 / year and comes with basic antivirus protection and a firewall. The Mac Premium Bundle X9 plan offers a lot more value, containing all of Intego’s features, and starts at $34.99 / year. Both plans come with a 30-day money-back guarantee so you can try them out risk-free.
Can Free Antivirus Software Detect & Remove Malicious PDFs?
Some can, but frankly, a free antivirus will never be as good as a premium antivirus. While there are free antiviruses that I like, they usually come with quite a few drawbacks. Free antiviruses from unreliable sources are often scams or carry hidden malware, and even the best free antiviruses (like TotalAV’s free plan) are missing a lot of features you need to be completely protected.
A free antivirus may be able to wipe out most malware hidden in PDFs, but premium antiviruses like Norton and Bitdefender include features like real-time protection to stop zero-day threats, anti-phishing protection, firewalls to protect your network, and VPNs to shield your identity.
How Do Infected PDF Files Get Onto Your System?
- Phishing scams. This common method involves a threat actor sending an email that entices the recipient into opening an attached PDF. Once someone opens the infected PDF, it can infect their device almost immediately.
- Downloaded from the internet. Another very common method is simply downloading a malicious PDF file online. Often, scammers will present attractive-looking free PDFs (like popular books) to convince people to download them.
- Shared through networks. Once one device on a network gets infected, particularly savvy threat actors can spread that malware through every device on the network, potentially crippling a whole household or business via a single PDF.
- Inserted through shared media. Infected PDF files can also be spread through USB drives or other removable media. If an infected PDF is on a drive, and the drive is inserted into a new system, the infection can spread if the PDF is opened.
How Can a PDF Be Infected?
There are numerous ways that hackers can infect PDF files, all of them dangerous. Here are a few of the most common ways cybercriminals insert malware into PDFs.
- Hidden malware. It’s relatively easy to store encrypted or embedded objects (like media players or flash files) in a PDF that can slip past basic antivirus software. Usually, things like free PDF books or magazines or phishing scams carry this type of threat. As soon as you open the file, it deploys. Premium antiviruses like the ones on this list tend to be better at detecting this sort of malware.
- Malicious JavaScript code. Since most websites employ some kind of JavaScript, hackers can infect PDFs with questionable lines of JavaScript. These scripts can be used for all sorts of malicious purposes. For this reason, you should always be very wary about downloading PDFs from unknown websites.
- Abuse of System Commands. Once you open the PDF, it could use your System Commands to launch more malware. Essentially, hackers can open your Command window and use that to execute commands to initiate the malware.
What Can Happen If You Have a Malicious PDF On Your Device?
Leaving a malicious PDF file on your device can have far-reaching consequences. Your data could be exfiltrated, encrypted, and ransomed right under your nose. The malware could infect all of your files, destroying your device. You could be allowing threat actors to make subtle changes to your database, you could be used to mine crypto for them, and so much more.
There are simply dozens of ways that leaving a malicious file on your PC could go wrong — so it’s imperative that you get rid of the file immediately. Use an antivirus program to scan the file (and your whole device), then quarantine or remove the malware. Chances are the PDF may have to go as well, and if that’s the case, you should prioritize your safety over the PDF file.
Best Ways to Prevent Virus-Infected PDFs From Getting Onto Your System
- Choose a trusted PDF reader and keep it up-to-date. Use reliable PDF reading software products like Adobe Acrobat Reader, Foxit Reader, and Nitro Reader — they have great reputations and prioritize users’ security. Conversely, using untrustworthy programs leaves you at high risk of infection.
- Install a trustworthy antivirus program. Even if you do everything right, you can still get malware from a faulty PDF file. That’s why you need an antivirus’s malware scanner to detect and remove it for you, with real-time protection to stop it from happening in the future.
- Be wary of unknown websites, links, and sources. Good antiviruses will include web protection that prevents you from visiting malicious websites or downloading bad files, but you should still do your best to always avoid anything suspicious online.
- Verify email attachments and websites with your antivirus. Software like Norton and Bitdefender automatically scans email attachments and websites as you visit them, ensuring any dangerous PDFs are intercepted before they can cause harm.
- Enable file extensions. By enabling file extensions, you can see the extension of a file you download (ie .exe, .pdf, .doc, etc). Doing this will help you see when a “PDF” you’ve downloaded is actually a .exe file, waiting to infect your device with a nasty bug.
- Enable automatic security updates. Automatic security updates constantly patch bugs in software, meaning you can stay protected against the newest threats. Regardless of the platform or app, making sure automatic updates are turned on ensures the best protection against all kinds of malware.
Can PDF Viruses Infect Mobile Devices?
Yes, mobile devices (both Android and iOS) are susceptible to malware from PDFs. Unfortunately, all devices can fall victim to an infected PDF that when opened or downloaded launches malicious applications.
PDFs can contain viruses, trojans, hidden backdoors, or even ransomware that can completely encrypt your data while threat actors work to extort you before (maybe) giving you your data back.
Just like with a PC or tablet, it’s important to use a quality antivirus to scan the PDF first. You always have to make sure your files are safe. Also, avoid going to suspicious websites, downloading PDFs from unknown sources, or using fraudulent apps that give you free PDFs of popular books — be wary of every file you download.
Frequently Asked Questions
Are PDFs dangerous?
Usually PDFs are completely fine, but that doesn’t mean they always are. PDFs from unfamiliar websites, suspicious links, or pirated versions of PDFs you normally can’t access (like free books, free documents, or reports) can be riddled with malware just like any other file.
If your device gets infected because of a malicious PDF file, the first thing you should do is avoid contacting the hackers. They may try to steal your data and encourage you to pay them. Then, install good antivirus software (like Norton or Bitdefender) and let it remove the malware from your device.
How do I remove malware from a PDF?
The easiest solution is to use an antivirus like Norton. Sure, each virus could theoretically be removed through painstaking and tedious manual processes, but an antivirus scans your selected files and automatically quarantines or removes any malware that’s infecting your PDFs.
On top of removing malware, antiviruses like Norton and Bitdefender also provide you with real-time protection against intrusive viruses. Plus, they offer a host of other cybersecurity tools like a VPN, web protection, dark web monitoring, PC optimization tools, a network firewall to prevent intrusions, and a lot more.
What’s the best antivirus to remove malware from a PDF?
My favorite antivirus to remove malware from a PDF is Norton. Norton has a flawless malware scanner, which efficiently detected and removed 100% of every type of malware I tested, including viruses, trojans, ransomware, and more. It also has excellent web protection, ensuring you don’t stumble across a malware-ridden PDF file online.
Bitdefender is a close second. Its cloud-based malware scanner doesn’t tax your system at all, and its malware detection rating is just as good as Norton’s. While I think Norton is just slightly better (it has the best dark web monitoring on the market, for example), Bitdefender is also a worthwhile investment.
What do I do if my PDF gave me malware?
Don’t fret — antiviruses will remove malware that’s already infecting your computer. If you downloaded an infected PDF that already injected itself into your device or network, simply run an antivirus like Norton (or any of our top picks) and allow it to quarantine and remove every type of malware it finds.
If your data has already been encrypted and stolen by ransomware, it may be trickier. Decrypting data often requires a decryption key, which may not always be available. While you can usually recover your data and beat malware easily, it’s incredibly important to have an antivirus with real-time protection, so your data is never encrypted and stolen in the first place.
