Eradication removes all traces of the threat — malware, backdoors, unauthorized accounts, persistence mechanisms, and the root cause vulnerability that enabled initial access.
Eradication must be thorough — missed persistence = reinfection. Check all known persistence points. Patch the root cause vulnerability. NIST phase 3: Containment + Eradication + Recovery are combined. Document all removed artifacts for lessons learned.