Antivirus vendors sending out warnings to perform a scan of your computer? Sure, that must be legit... Right?
Email claiming to be from Symantec
If you click on download, a file called RemovalTool.exe will be downloaded.
The malware authors have used the Java logo as the icon. Not sure what's up with that, haven't they been following the news? ;-)
Java icon, trying to trick the user
When executing the file, you get a nice installer screen:
Alleged Java Setup screen
In the background, the following file is downloaded and executed:
Plugin.dll & JavaUpdate.dll
(it's the same file, just under a different name so as not to raise suspicion)
JavaUpdate.dll gets injected into explorer.exe to carry out other malicious activities and to ensure that it starts automatically.
The file tries to connect to the URLs above.
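The behaviour described above (RemovalTool.exe dropping one DLL under two names, then JavaUpdate.dll running inside explorer.exe) can be hunted for in endpoint telemetry. The sketch below is an added example, not part of the original post: the record schema, paths and hash values are constructed for illustration, and only the three file names come from the write-up.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# File names taken from the write-up; everything else below is constructed.
DLL_NAMES = {"plugin.dll", "javaupdate.dll"}

# Constructed telemetry records (hypothetical schema, not a real log format).
EVENTS = [
    {"type": "file_create", "process": r"C:\Users\a\Downloads\RemovalTool.exe",
     "path": r"C:\Users\a\AppData\Roaming\Plugin.dll", "sha256": "aa11"},
    {"type": "file_create", "process": r"C:\Users\a\Downloads\RemovalTool.exe",
     "path": r"C:\Users\a\AppData\Roaming\JavaUpdate.dll", "sha256": "aa11"},
    {"type": "module_load", "process": r"C:\Windows\explorer.exe",
     "path": r"C:\Users\a\AppData\Roaming\JavaUpdate.dll", "sha256": "aa11"},
    {"type": "module_load", "process": r"C:\Windows\explorer.exe",
     "path": r"C:\Windows\System32\shell32.dll", "sha256": "bb22"},
]

def hunt(events):
    """Return a sorted list of (rule, detail) findings."""
    findings = set()
    names_by_hash = defaultdict(set)
    for ev in events:
        name = basename(ev["path"]).lower()
        proc = basename(ev["process"]).lower()
        if ev["type"] == "file_create" and name.endswith(".dll"):
            names_by_hash[ev["sha256"]].add(name)
            if name in DLL_NAMES:
                findings.add(("known_name_dropped", f"{proc} wrote {name}"))
        if ev["type"] == "module_load" and proc == "explorer.exe":
            # Heuristic (assumption, not from the write-up): a DLL loaded
            # into explorer.exe from a user profile deserves a closer look.
            if "\\users\\" in ev["path"].lower():
                findings.add(("explorer_user_dll", name))
    # The same content written under more than one DLL name.
    for names in names_by_hash.values():
        if len(names) > 1:
            findings.add(("same_file_two_names", "/".join(sorted(names))))
    return sorted(findings)

if __name__ == "__main__":
    for rule, detail in hunt(EVENTS):
        print(rule, detail)
```

The hash-grouping rule still fires if the authors change the DLL names, as long as the same file is dropped twice; the name list only catches this exact campaign.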
Always be wary when receiving an email, even if it seems to come from an antivirus vendor. In this case, the malware authors try to scare the user by claiming the computer is infected and that a file must be downloaded to clean it up.
In case of doubt, perform a scan with your installed antivirus and an online scan from another vendor. Delete the email.