Removal tools attempt to restore the infected executables to their uninfected state. Removal is successful if the executable, after disinfection, matches the executable before infection on a byte-for-byte basis. The removal process can also produce two types of failures: hard failure and soft failure.
A hard failure occurs if the disinfected program will no longer execute or the removal program terminates without removing the virus. Such a severe failure will be obvious to detect and can occur for a variety of reasons. Executables infected by overwriting viruses cannot be recovered in an automated fashion; too much information has been lost. Hard failures also occur if the removal program attempts to remove a different virus than the actual infector.
Removal results in a soft failure if the process produces an executable, which is slightly modified from its original form, that can still execute. This modified executable may never have any problems, but the user cannot be certain of that. The soft failure is more insidious, since it cannot be detected by the user without performing an integrity check.