Here is a snip of a great article explaining Virus Spoofing from www.lse.ac.uk:
Email-distributed viruses that use spoofing, such the Klez or Sobig virus, take a random name from somewhere on the infected personís hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing a virus.
If you receive an alert that youíre sending infected emails, first run a virus scan using McAfee (see documentation for further information). If you are uninfected, then you may want to reply to the infection alert with this information:
ìYour virus may have appeared to have been sent by me, but I have scanned my system and I am not infected. A number of email-distributed viruses fake, or spoof, the ëFrom’ address using a random address taken from the Outlook contacts list or from Web files stored on the hard drive.î
But keep in mind that a virus alert message is quite often auto generated and sent via an anti-virus server and so replying to the original email may not elicit a response.