A new, and paradoxical worm dubbed W32.Welchia, W32/Nachi and Worm_MSBlast.D, downloads the patch for the MSBlast.exe vulnerability from Microsoft's site for both Windows 2000 and Windows XP from Microsoft's Technet Security site.
New MS Blast Variant Plugs Blaster Hole
W32.Welchia. Worm; The Friendly Worm
Government Computer News: New Worm Reportedly Fixes RPC Vulnerability
[i]Ed. SMBP: This is in no way a recommendation to try to use Welchia instead of the traditional removal tools, because as Ken Durham, Malicious Code Intelligence Officer at IDefense, Inc. in Reston Virginia told GCN:
"Welchia attempts to patch against the RPC vulnerability and then remove itself from the infected computer,