The malicious PDF editor behaved like a trojan and infostealer. Windows Defender has already detected and removed multiple related components, which is a good sign, but a few extra checks help ensure the device is clean and stays protected.
Steps to take now:
- Run a full Microsoft Defender Antivirus scan again
  - Open Windows Security → Virus & threat protection.
  - Make sure Microsoft Defender Antivirus is enabled.
  - Under Current threats, choose Scan options → Full scan and run it.
  - Before scanning, select Virus & threat protection updates → Check for updates to get the latest definitions, as recommended in the malware troubleshooting guidance.
- Turn on cloud-based protection and sample submission
  - In Windows Security → Virus & threat protection, select Manage settings under Virus & threat protection settings.
  - Ensure Cloud-delivered protection and Automatic sample submission are set to On. This increases the chance of detecting any remaining or new variants of the malware.
- Run Microsoft Defender Offline
  - Microsoft Defender Offline scans outside of Windows and can detect rootkits or threats that try to hide from the normal OS.
  - In Windows Security, choose Virus & threat protection → look for Microsoft Defender Offline scan (or Scan options → Microsoft Defender Offline scan) and run it.
  - The PC will restart and perform a special scan before Windows loads.
- Remove any remaining unwanted software and browser add-ons
  - Go to Settings > Apps > Apps & features and uninstall any PDF editor or other software that is not recognized or needed, especially anything related to the fake PDF editor.
  - In each browser used on the PC, remove unknown or suspicious extensions/add-ons and reset unwanted changes (home page, search engine, etc.).
- If suspicious files remain
  - If Defender reports suspicious files that it cannot remove or that keep reappearing, submit them to Microsoft for analysis using the file submission portal referenced in the documentation.
- How to check when the program was installed
  - In Settings > Apps > Apps & features, locate any remaining entries related to the PDF editor. The Install date column (or sorting the list by install date) shows when each app was installed.
  - If the app entry has already been removed, the exact install date may no longer be visible in this list, but checking other apps around the same install date can still give a rough timeframe.
How to judge if the PC is likely clean now:
- If:
  - All components of the fake PDF editor have been uninstalled and its folders deleted,
  - A fully updated Microsoft Defender Antivirus full scan shows no threats,
  - A Microsoft Defender Offline scan also shows no threats,
  - No new suspicious behavior appears (no unexpected PowerShell windows, no unknown apps, no browser changes),

  then the system is likely clean and protected by Defender.
If new detections or suspicious behavior continue after these steps, consider backing up important data and consulting a professional technician or support channel for deeper investigation.
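
The same checks can be read from an elevated PowerShell session with the built-in Defender cmdlets. This is an added example, not part of the original answer; the 30-day look-back window and the variable names are assumptions, and the script only reads state (the scan commands are left commented out at the end).

```powershell
# Added example: read-only check of the "likely clean" criteria listed above.
# Run in an elevated PowerShell session on Windows 10/11 with Microsoft Defender Antivirus.
$DaysBack = 30                                   # assumption: look-back window in days
$since    = (Get-Date).AddDays(-$DaysBack)

# 1. Protection state, definition freshness, last full scan, cloud settings
$status = Get-MpComputerStatus
$pref   = Get-MpPreference
[pscustomobject]@{
    AntivirusEnabled       = $status.AntivirusEnabled
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    SignatureLastUpdated   = $status.AntivirusSignatureLastUpdated
    LastFullScanEnd        = $status.FullScanEndTime   # empty if no full scan has completed
    # MAPSReporting: 0 = off, 1 = basic, 2 = advanced
    CloudProtectionOn      = $pref.MAPSReporting -ne 0
    # SubmitSamplesConsent: 0 = always prompt, 1 = safe samples, 2 = never, 3 = all samples
    AutoSampleSubmissionOn = $pref.SubmitSamplesConsent -in 1, 3
} | Format-List

# 2. Detections recorded in the look-back window, with threat names resolved
$names = @{}
Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $since } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime,
        @{ n = 'Threat';    e = { $names["$($_.ThreatID)"] } },
        ActionSuccess,
        @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-List

# 3. Programs installed in the same window, from the registry uninstall keys.
#    InstallDate is an optional yyyyMMdd string, so entries without it are skipped.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$cutoff = $since.ToString('yyyyMMdd')
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.InstallDate -match '^\d{8}$' -and $_.InstallDate -ge $cutoff } |
    Sort-Object InstallDate |
    Select-Object InstallDate, DisplayName, Publisher, InstallLocation |
    Format-Table -AutoSize

# Command-line equivalents of the scan steps (uncomment to run):
# Update-MpSignature                  # fetch the latest definitions first
# Start-MpScan -ScanType FullScan     # full scan
# Start-MpWDOScan                     # Microsoft Defender Offline; restarts the PC immediately
```

An empty detection list combined with a recent `LastFullScanEnd` and current signatures corresponds to the "no threats" criteria above; entries in the third table that were installed around the time of the fake PDF editor are worth reviewing.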