Letters from Virgin Media's security team are genuine., and although they highlight the possibility of using F-Secure/Gadget rescue. These are given as possible options with no compulsion to use either service.
While I have not had one about spam, I have had a letter highlighting an mDNS vulnerability in the past. That letter was genuine, I actually contacted the company that provided Virgin Media with the information and confirmed the report. I also took steps to close down the vulnerability as well.
Only use Helpful answer if your problems been solved.