https://en.wikipedia.org/wiki/Welchia
Welchia, also known as the “Nachi worm”, is a computer worm that exploits a vulnerability in the Microsoft remote procedure call (RPC) service similar to the Blaster worm. However, unlike Blaster, it first searches for and deletes Blaster if it exists, then tries to download and install security patches from Microsoft that would prevent further infection by Blaster, so it is classified as a helpful worm. Welchia was successful in deleting Blaster, but Microsoft claimed that it was not always successful in applying their security patch.[
The first of these I remember is the “cheese worm” back in the 90s. It closed ports and did some other basic security things and left a message in the sys.log to eat more cheese.