W32.Welchia.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer. As you can see, not all virus writers are evil. This new 'friendly' worm is also known under the name W32/Nachi.worm.
The worm will also attempt to remove W32.Blaster.Worm.
More info at Symantec
UPDATE: GCN also has an interesting article about the Welchia Worm, you can find it here.
“Welchia masquerades as a ‘good worm,’ patching against the vulnerability,” he said. “In reality, it opens TCP port 707 for an attacker to remotely control the computer.”
Welchia appears to be programmed to remove itself from an infected computer in 2004. It creates the files DLLHOST.EXE and SVCHOST.EXE in the WINNT\SYSTEM32\WINS directory and opens port 707 on the infected computer. Monitoring TCP ports 707 and 135, which MSBlaster uses, could help identify the presence of malicious code, Dunham said.
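
The indicators quoted above (the two file names in the WINS directory, a listener on TCP 707, and traffic on TCP 135) can be checked from `netstat -an` output and a file listing. This is an added example, not code from the article or from Symantec; the sample data is constructed and the fan-out threshold is an assumption.

```python
import ntpath

WORM_FILES = {"dllhost.exe", "svchost.exe"}   # file names given in the article
WORM_DIR_SUFFIX = r"\system32\wins"           # directory given in the article
BACKDOOR_PORT = 707                           # port the article says is opened
RPC_PORT = 135                                # DCOM RPC port used for exploitation
FANOUT_THRESHOLD = 3   # assumption: this many distinct peers on 135 is worth a look

def port_of(endpoint):
    """Return the port from a netstat 'addr:port' field, or None."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None

def check_netstat(text):
    """Flag a listener on TCP 707 and fan-out to many hosts on TCP 135."""
    listening_707, rpc_peers = False, set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0].upper() != "TCP":
            continue                      # header, UDP or blank line
        local, remote, state = f[1], f[2], f[3].upper()
        if state == "LISTENING" and port_of(local) == BACKDOOR_PORT:
            listening_707 = True
        elif state in ("SYN_SENT", "ESTABLISHED") and port_of(remote) == RPC_PORT:
            rpc_peers.add(remote.rpartition(":")[0])
    return {"listening_707": listening_707,
            "rpc_peers": sorted(rpc_peers),
            "rpc_fanout": len(rpc_peers) >= FANOUT_THRESHOLD}

def check_files(paths):
    """Return paths where DLLHOST.EXE or SVCHOST.EXE sits in ...\\system32\\wins."""
    hits = []
    for p in paths:
        directory, name = ntpath.split(p.lower())
        if name in WORM_FILES and directory.endswith(WORM_DIR_SUFFIX):
            hits.append(p)
    return hits

# Constructed sample data (documentation addresses), not captured from a real host.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:707            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1034        192.0.2.21:135         SYN_SENT
  TCP    192.0.2.10:1035        192.0.2.22:135         SYN_SENT
  TCP    192.0.2.10:1036        192.0.2.23:135         ESTABLISHED
  TCP    192.0.2.10:1040        198.51.100.5:80        ESTABLISHED
"""
SAMPLE_FILES = [r"C:\WINNT\system32\svchost.exe", r"C:\WINNT\system32\wins\SVCHOST.EXE",
                r"C:\WINNT\system32\wins\DLLHOST.EXE", r"C:\WINNT\system32\wins\wins.mdb"]
```

A listener on TCP 135 alone is not flagged, because the RPC endpoint mapper listens there on a normal Windows host; the file check likewise ignores the legitimate `svchost.exe` that sits directly in `system32`.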