Bootkit = Rootkit + Boot Capability

A kernel-mode rootkit variant called a bootkit is used predominantly to attack full disk encryption systems, for example as in the "Evil Maid Attack", in which a bootkit replaces the legitimate boot loader with one controlled by an attacker; typically the malware loader persists through the transition to protected mode when the kernel has loaded. For example, the "Stoned Bootkit" subverts the system by using a compromised boot loader to intercept encryption keys and passwords.[39] More recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode driver signing in Windows 7 by modifying the master boot record. The only known defenses against bootkit attacks are the prevention of unauthorized physical access to the system—a problem for portable computers—or the use of a Trusted Platform Module configured to protect the boot path. - Wikipedia.
The defining feature of a bootkit is that the operating system's standard tools cannot detect it, because all of its components reside outside the standard file systems.
Some bootkits even hide the fact that the MBR has been compromised by returning the legitimate copy of the MBR whenever an attempt is made to read it.
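Because an infected system may hand back a clean copy of the MBR, an integrity check is only meaningful on a sector image captured offline, for example from trusted boot media. The sketch below is an added example, not code from the original page or from any tool it mentions: it parses a raw 512-byte MBR, hashes the bootstrap code area, and compares the result with a baseline recorded while the machine was known to be clean. The function names and the sample sector bytes are constructed for illustration.

```python
import hashlib
import struct

CODE_LEN = 440             # bootstrap code; bytes 440-445 hold the disk signature
PT_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"     # required at offsets 510-511
ENTRY = "<B3xB3xII"        # status, CHS (skipped), type, CHS (skipped), LBA, size


def parse_mbr(sector: bytes) -> dict:
    """Hash the code area and decode the partition table of a raw MBR sector."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        raw = sector[PT_OFFSET + 16 * slot:PT_OFFSET + 16 * (slot + 1)]
        status, ptype, lba, count = struct.unpack(ENTRY, raw)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "lba": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
            "partitions": parts}


def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """List the ways an offline-captured sector differs from the baseline."""
    current = parse_mbr(sector)
    findings = []
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("bootstrap code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample(code: bytes) -> bytes:
    """Constructed sector for the demo: filler code plus one active entry."""
    entry = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800)
    return code.ljust(PT_OFFSET, b"\x00") + entry + bytes(48) + BOOT_SIG


if __name__ == "__main__":
    known_good = build_sample(b"constructed-filler-A")   # not real boot code
    baseline = parse_mbr(known_good)
    print(compare_to_baseline(known_good, baseline))
    print(compare_to_baseline(build_sample(b"constructed-filler-B"), baseline))
```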



A system infected with a bootkit can be cured with the TDSSKiller utility. More removal tools: List of Free Rootkit Remover, Scanner, Revealer, Detector software