Update Java and ditch old remnants.
It seems if you leave an older version along side an up-to-date version, the older code, still works - thus bypassing the patch/update.
So visiting a site is enough to infect.
Holy fuck is this thing nasty!
It's a bootkit; easily detected.
Safe mode and then...