Winstart Trojan details

  • Description

    Named after the WINSTART.BAT file in which the body of the trojan is placed. That BAT file contains four text lines followed by binary data:

        @ECHO OFF
        :s%r#
        COPY %0.BAT C:\Q.COM>NUL
        C:\Q
        [ binary data ]

    When that file is executed, the trojan copies itself (the BAT file) into the COM dropper and executes it. The dropper is placed in the root directory of the C: drive with the name Q.COM. When executed, the dropper installs itself into the High Memory Area, hooks INT 2Fh, creates WINSTART.BAT files on floppy drives, and copies the trojan body into each newly created BAT file.

  • Alias

    Bacteria [Computer Associates], BAT.Winstart.f [Kaspersky], Bv.winstart.296 [Panda]
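
The file layout in the Description (a few batch text lines that copy the script itself to a .COM file, followed by binary data) can be checked for structurally. The following is an added example, not a vendor signature or code from this entry; the function names, the heuristic and the sample bytes are assumptions constructed for illustration.

```python
import re

# Heuristic assumed for this example: a batch file is suspicious when its leading
# text lines copy the script itself (%0) to a .COM file AND non-text bytes follow.
SELF_COPY = re.compile(rb"(?i)^\s*copy\s+%0(\.bat)?\s+\S+\.com\b")
# Printable ASCII plus TAB, LF, CR and the DOS end-of-file marker (0x1A).
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D, 0x1A}


def split_text_prefix(data, max_lines=16):
    """Return (lines, rest): the leading newline-terminated lines made only of
    text bytes, and everything that follows them."""
    lines, pos = [], 0
    while len(lines) < max_lines:
        end = data.find(b"\n", pos)
        if end == -1:
            break
        line = data[pos:end].rstrip(b"\r")
        if any(b not in TEXT_BYTES for b in line):
            break  # this "line" is already part of the binary tail
        lines.append(line)
        pos = end + 1
    return lines, data[pos:]


def inspect_bat(data):
    """Report whether a .BAT file matches the text-header-plus-binary layout."""
    lines, rest = split_text_prefix(data)
    self_copy = any(SELF_COPY.match(line) for line in lines)
    binary_tail = sum(b not in TEXT_BYTES for b in rest)
    return {
        "text_lines": len(lines),
        "self_copy_to_com": self_copy,
        "binary_tail_bytes": binary_tail,
        "suspicious": self_copy and binary_tail > 0,
    }


# Constructed samples: the four header lines quoted in the Description followed by
# placeholder bytes (not the real payload), and an ordinary batch file.
SAMPLE = (b"@ECHO OFF\r\n:s%r#\r\nCOPY %0.BAT C:\\Q.COM>NUL\r\nC:\\Q\r\n"
          + b"\x00\x01\x02\xff" * 4)
BENIGN = b"@ECHO OFF\r\nCOPY A.TXT B.TXT\r\n"

if __name__ == "__main__":
    print(inspect_bat(SAMPLE))
    print(inspect_bat(BENIGN))
```
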