BleepingComputer Review:

BlitzBlank is an advanced system administration tool that allows you to disable drivers, delete files, folders, Windows Registry keys and values that are in-use or locked by malware. BlitzBlank also includes the ability to create scripts for removing multiple files, folders, and Registry information at once in order to avoid malware recreating the files and locking them again. This tool should only be used by advanced system administrators and IT professionals due to its ability to delete almost any file or folder.

BlitzBlank is able to delete locked and in-use files because it deletes them before any applications or even Windows are started.  It does this by using special low-level technology that makes it almost impossible for malware to stop the tool from deleting the requested files.  This makes it a very powerful tool for deleting those stubborn and persistent malware files including rootkits.

BlitzBlank also includes a basic scripting language that allows you to delete multiple files, folders, and Registry data at one time.  This is very effective as it can kill all traces of an infection at once without risk that any leftovers will recreate the other files or Registry information.  The scripting commands that can be used with BlitzBlank are:

• DeleteFile: [ReplaceWithDummy] - Delete a file on boot.  Option ReplaceWithDummy replaces the file with a small and harmless file of the same name.
   
• MoveFile: [ReplaceWithDummy]- Move a file to another location on boot. Option ReplaceWithDummy replaces the file with a small and harmless file of the same name. This option is useful if you want to harvest the sample for analysis.
   
• DeleteFolder: [ReplaceWithDummy]- Delete a folder on boot.  Option ReplaceWithDummy replaces the folder with an empty folder that uses the same name.
   
• MoveFolder: [ReplaceWithDummy]- Move a folder to another location on boot. Option ReplaceWithDummy replaces the folder with a folder that uses the same name. This option is useful if you want to harvest the folder and its contents for analysis.
   
• DeleteRegKey: [ReplaceWithDummy] [Backup]- Delete a file on boot.  Option ReplaceWithDummy replaces the key with an empty key using the same name.
   
• DeleteRegValue: [ReplaceWithDummy] [Backup]- Delete a file on boot.  Option ReplaceWithDummy replaces the value with an empty one of the same name.
   
• DisableDriver: [Backup]-  Disables a driver.  Option Backup will backup the driver to the specified location.
   
• Execute: - Executes a program on startup.

An example script is:

DeleteRegKey:
    hkey_local_machine\software\microsoft\windows\currentversion\badmalware
MoveFile: ReplaceWithDummy
    "c:\documents and settings\bleeping\malware.exe" c:\sample.exe
 

Note: Parameters in [square brackets] are optional parameters and are used without the square bracket. For example: DeleteFile: ReplaceWithDummy

Note 2: Every command requires the path to the object you wish to delete or backup to be listed on the next line after the command. For all "Move" commands, the source and target paths should be listed on the same line separated by a space. Paths with embedded spaces must be "surrounded" by double-quotation marks.