Most likely, you have an infected machine or two somewhere in your network. This worm scans for vulnerable machines, and when it finds one it drops onto it a TFTP server. The TFTP server would then download the worm and your AV software would detect the file upon creation and generate a popup alert.
You need to ensure that you have re-booted each workstation after patching and scan each and every machine on your network to find those that are infected.
For more info on this topic, check out these SearchSecurity.com resources:
This was first published in September 2003