That’s right, I’m sure you’ve heard time and time again (perhaps even form me) to stay on top of updates, we’ll this is one you want to stay away from, why’s that? because the wordpress team didnt make it.
Thats right if you have downloaded and installed wordpress 2.6.4 you’ve installed a trojen you should delete your wp-admin and wp-includes directorys and replace them with fresh copies downloaded from wordpress.org. also if you have a recent database backups, I recommend dropping the tables from your database and restoring them from backups to be on the safe side.
WordPress (as of this writing) is at version 2.6.5 but remember there IS NO 2.6.4 version they have skiped this version number to avoid confusion with the trojen, if you are running 2.6.4 you are running an compimised blog.