Forensic Riddle #6

Many malware authors use external .bat/.cmd files to delete the .exe dropper, because it is non-trivial for an executable to delete itself while it is still running. In the past it was possible to use Gary Nebbett’s famous self-deleting executable trick, which worked on Windows NT and Windows 2000. However, it doesn’t work under newer versions of Windows.

Question:

Is it possible to create a self-deleting executable for newer versions of Windows?

Answer here

Forensic Riddle #5

Normally it is impossible to create files with names reserved for old DOS device drivers, e.g., ‘con’, ‘lpt1’, ‘lpt2’, etc., yet some malware still manages to create them.

How?

Answer here