My users have been complaining about viruses for a few months now and I thought that I had removed the ad network responsible for this, but it seems to be multiple networks...or some how injecting into whatever js my ad codes have (because those without the ads aren't getting this). I wanted to know if anyone else was having problems with millages.net downloads. It comes up as pdf.pdf, terms.pdf, or tos.pdf (not sure on the last one, it's something like that, maybe contact.pdf). Here's one image/example: I've looked into it a little bit and saw a few sites were having the same issue but didn't see that any of them solved it. Apparently your computer becomes infected the minute that download pops up...you don't even have to download and run it. So I hope someone can help me with this...
Practically, PDF's can't be infected. Maybe the PDF was a crafted one, the attacker may created an exploit based on a vulnerability in your PDF reader(usually Adobe) and the antivirus found it.
PDF files can not be infected. Maybe the malware/virus was coded based on some PDF reader's vulnerability. Also, check logs if any breach in occured, what IP did that file come from, etc... It's practically a code that when a user comes to view your website it automatically downloads and executes the file.