Any quick-fix for eradicating these two? Since they constant spread, once removed it can reoccur. If a machine is infected and the MS Patch is applied, will the MS Patch remove the registry keys and the .EXE's that are pulled down?

Also, we block TFTP at the firewall, but somehow the executables still get pulled to these machines. What port is being used to pull down the payload?