Stop messing about and get these machines properly cleaned up!
I remember when DNS changer trojans first hit my campus... I sent out warnings to people telling them that their machines were infected, and that they need to sort themselves out pronto. Typical responses (from those that replied):
"Why should I bother? My machine appears to be working at the moment!"
"What's it to you if I use different DNS servers?"
"No, I think you'll find that YOUR DNS servers are infected" - that was from a computer science student who thought OpenBSD was prone to viruses just like Windows *facepalm*.
Okay, I've tried to be reasonable about this, time to break stuff... I reprogrammed the firewalls to only allow outbound DNS requests from the official campus servers, and a few staff workstations for testing/diagnostic purposes. OpenDNS was also allowed, as some folks were using this legitimately.
It's funny how people sat up and started paying attention when their internets suddenly broke.
Helpdesk was instructed on how to check which DNS servers were being used; anyone not using the normal servers for their part of campus (or OpenDNS) had to get their machine checked over and/or rebuilt.
Leaving all those infected machines unfixed for so long isn't doing anybody any favours, least of all the affected users. Trojans enjoy company, and you can bet quite a few of those machines will be riddled with other nasties.
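
The helpdesk check described in the comment above can be scripted. The following is an added example, not part of the original comment: it parses `ipconfig /all` output and reports adapters whose resolvers are outside the approved set. The campus resolver addresses, the sample output and the function names are constructed placeholders; the two OpenDNS addresses are that service's public resolvers.

```python
import ipaddress
import re

# Assumed allow-list: campus addresses are placeholders from documentation ranges.
CAMPUS_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
OPENDNS_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
ALLOWED = {ipaddress.ip_address(a) for a in CAMPUS_RESOLVERS | OPENDNS_RESOLVERS}

# Constructed sample of `ipconfig /all` output (not taken from a real machine).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.0.2.117(Preferred)
   DNS Servers . . . . . . . . . . . : 198.51.100.12
                                       198.51.100.13

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       208.67.222.222
"""

def _parse_ip(token):
    """Return an ip_address, or None if the token is not an address."""
    try:
        return ipaddress.ip_address(token.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None

def resolvers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed beneath it."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line = new section
            current = line.rstrip().rstrip(":")
            adapters[current], in_dns = [], False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S*)", line)
        token = m.group(1) if m else line.strip()
        # Extra resolvers appear as bare addresses on the lines that follow.
        ip = _parse_ip(token) if (m or in_dns) else None
        in_dns = ip is not None
        if ip is not None and current is not None:
            adapters[current].append(ip)
    return adapters

def unapproved_resolvers(text):
    """Return {adapter: [resolver, ...]} for resolvers outside ALLOWED."""
    return {name: bad for name, ips in resolvers_by_adapter(text).items()
            if (bad := [str(ip) for ip in ips if ip not in ALLOWED])}
```

An adapter that appears in the result is using resolvers outside the approved set, which under the policy described above means the machine gets checked over.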