A new variant of the Nachi worm is patching PCs that are vulnerable to MyDoom.A.

Nachi B, also known as Welchi, copies itself onto systems using the same flaw as MyDoom.A, as a file named 'Svchost.exe'.

It then attempts to delete MyDoom and downloads patches to fix the security hole.

Carole Theriault, security consultant at Sophos, said: "It's an interesting case - some kind of Robin Hood virus.

"We're seeing some spreading but it's not going too fast. We're hoping everyone with MyDoom would have stripped it out by now. If IT managers haven't updated by now they are way behind the curve."

Viruses to deal with viruses are nothing new. In the mid 1990s a boot sector virus called Chinese Fish attempted something similar by removing a virus called Stoned.

Nachi's first incarnation emerged last year as an attempt to patch the security hole exploited by the Blaster worm.

David Emm, product marketing manager at McAfee Security, explained that such code is a bad idea.

"I see code like this as a little bit of a blind; a ruse to calm people's fears," he said.

"Nachi A did not do a particularly good job at patching systems and this one doesn't look much better. At the end of the day it's still self-replicating code and that's a bad medium."

Infection rates are low so far, but an antivirus signature is under development.