Hacker News
by thekmap 3888 days ago
Don't restart this thing until you've had a professional harden your network. You are not gonna stop the botnet, so the best you can do is limit the impact of post-exploitation.
3 comments

And this is hardening like a DMZ. I'd probably end up with an Arch mirror VM on the same host, tell libvirt to isolate the traffic, and tell the host to drop all traffic coming from these machines without looking at it after setting up the Arch mirror.

And then cross my fingers that there are no KVM bugs.

Better yet, just run this on a t2.micro on a throwaway EC2 account. Doesn't matter if they own the box, they get literally nothing they couldn't get for free from Amazon anyway.

It also becomes quite easy to lock the machine down.

Yeah. Basically, no network access, except to the Arch mirrors and just enough to watch the Twitch stream. Should be hard to abuse.

Put it in an AWS VPC on a private subnet. Create another subnet with a NAT instance. Only allow access to the VPC over SSH or whatever from the secure control server. Lock all other incoming via security groups or network ACLs. Allow egress from this box only to route on ports 80 and 443 out through a route table to the NAT instance to the internet. Further, you can allow the NAT to only allow access to 80/443 outbound to whitelisted IP addresses, or if you want to get craftier, make the NAT a Squid box and whitelist / net-nanny what it can hit, possibly via an admin watching the Twitch Plays stream and saying yea/nay.
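The VPC layout the comment above describes, written out as a Terraform configuration. This is an added example, not code from the thread or from anyone in it. It keeps to the comment's design (a NAT instance rather than a managed NAT gateway, security groups rather than a Squid proxy) and the region, CIDR ranges, control-server address, egress whitelist, and NAT AMI name filter are all assumptions to be replaced before use.

```hcl
# Added example: VPC with a private subnet for the exposed box, a public subnet
# holding only a NAT instance, and egress restricted to 80/443 to a whitelist.
# Every literal below (region, CIDRs, addresses, AMI filter) is an assumption.

provider "aws" {
  region = "us-east-1" # assumption
}

variable "control_server_ip" {
  default = "203.0.113.10/32" # assumption: the "secure control server"
}

variable "egress_whitelist" {
  type    = list(string)
  default = ["198.51.100.0/24"] # assumption: mirror / stream CIDR ranges
}

resource "aws_vpc" "lab" {
  cidr_block = "10.42.0.0/16"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.lab.id
}

# Public subnet: only the NAT instance lives here.
resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.lab.id
  cidr_block = "10.42.0.0/24"
}

# Private subnet: the exposed box. No route to the IGW, so nothing on the
# internet can initiate a connection to it.
resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.lab.id
  cidr_block = "10.42.1.0/24"
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.lab.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Amazon's VPC NAT AMI family; verify the name in your region (assumption).
data "aws_ami" "nat" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn-ami-vpc-nat-*"]
  }
}

# NAT instance: accepts 80/443 from the private subnet and SSH from the
# control server (it doubles as the jump host), and may only send 80/443
# to the whitelist. Everything else is dropped by the security group.
resource "aws_security_group" "nat" {
  vpc_id = aws_vpc.lab.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.control_server_ip]
  }
  dynamic "ingress" {
    for_each = [80, 443]
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = [aws_subnet.private.cidr_block]
    }
  }
  dynamic "egress" {
    for_each = [80, 443]
    content {
      from_port   = egress.value
      to_port     = egress.value
      protocol    = "tcp"
      cidr_blocks = var.egress_whitelist
    }
  }
}

resource "aws_instance" "nat" {
  ami                         = data.aws_ami.nat.id
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.public.id
  vpc_security_group_ids      = [aws_security_group.nat.id]
  associate_public_ip_address = true
  source_dest_check           = false # required for an instance to forward traffic
}

# Private subnet default route points at the NAT instance's interface.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.lab.id
  route {
    cidr_block           = "0.0.0.0/0"
    network_interface_id = aws_instance.nat.primary_network_interface_id
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# The exposed box: SSH only from the NAT/jump host, egress only 80/443.
resource "aws_security_group" "sandbox" {
  vpc_id = aws_vpc.lab.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.public.cidr_block]
  }
  dynamic "egress" {
    for_each = [80, 443]
    content {
      from_port   = egress.value
      to_port     = egress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"] # the NAT's own egress rule does the whitelisting
    }
  }
}
```

Security groups are stateful, so the sandbox's SSH ingress rule is enough for replies to flow back without an explicit egress rule for port 22; the whitelist is enforced once, on the NAT instance, so that a compromised box cannot widen it by editing its own rules. Note that 80/443 to a whitelisted CDN still lets an attacker reach anything else hosted behind the same addresses, which is the case the comment's Squid-with-an-admin variant is meant to close.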