### Step 4: Eradication

Eradication is intended to actually remove malware or other artifacts introduced by the attacks, and fully restore all affected systems. The SANS eradication process involves:

- **Reimaging**—complete wipe and re-image of affected system hard drives to ensure any malicious content is removed.
- **Preventing the root cause**—understanding what caused the incident and preventing future compromise, for example by patching a vulnerability exploited by the attacker.
- **Applying basic security best practices**—for example, upgrading old software versions and disabling unused services.
- **Scan for malware**—use anti-malware software, or Next-Generation Antivirus (NGAV) if available, to scan affected systems and ensure all malicious content is removed.