From NSIS Wiki
|Author: Takhir (talk, contrib)|
Plug-in for setup in place deletion without exe copy or reboot.
SelfDel.zip (25 KB)
Plug-in launches hidden Window Explorer, it waits installer (uninstaller) to finish and deletes exe. Optionaly removes exe' directory. After this Explorer exits as well.
- Windows XP 32-bit
- Windows Vista 32-bit/64-bit
- Windows 7 32-bit/64-bit
- Windows 8 32-bit/64-bit
"del" DLL function
SelfDel::del [/RMDIR] [/REBOOT | /SHUTDOWN]
- Creates remote thread in the hidden Windows Explorer process, it waits parent process to exit and deletes it's file.
- if exe directory is empty after file deletion, removes directory as well with this option.
- /REBOOT (added by Afrow UK)
- reboots the machine after installer deletion.
- /SHUTDOWN (added by Afrow UK)
- shuts the machine down after installer deletion.
Function .onInstSuccess SelfDel::del FunctionEnd
The nsis setup with the SelfDel plugin was recognized as virus HEUR:Trojan.Win32.Invade by Kaspersky Lab.
"The Kaspersky product is detecting not on the NSIS installer, but what the NSIS installer is doing. It calls a subfunction Del inside of SelfDel which starts explorer.exe as a suspended process, writes memory into it, and then executes it. If you stay away from using SelfDel and its Del function, the detection would stop occurring. We cannot fix this detection. Attempting to fix it would also allow a large amount of malware to go undetected. The NSIS plugin authors are encouraged to look for other alternatives for deleting the installer after execution."