Question : How can I prevent changes to web browser proxy settings?

Active Directory 2003 environment.  We have about 100 users and occasionally they get viruses/trojans that change their web browser proxy settings which prevents the user from web browsing even after the virus/trojan has been cleaned.  Obviously... I just remove the proxy setting and web browser functionality is restored,  but I'd like to prevent this from happening in the first place.

Using a GPO I can disable a user's ability to change the proxy setting via the internet options menu... the option is then grayed out... but somehow the virus/trojans are still able to modify the proxy setting which means all that my GPO is doing is preventing me from conveniently removing that proxy setting during virus/trojan removal.  I end up having to move the affected workstation out of the OU where the GPO is applied, gpupdate /force, etc, change the setting and move the workstation back into the proper OU.  

So clearly that particular GPO just prevents users from changing the setting via the menus, but there is still some other way the setting can be changed.  Is there another GPO that I'm missing that says "NO PROXY SERVERS... EVER!"  or something similar to that?  

Thanks a lot all.

Answer : How can I prevent changes to web browser proxy settings?

might want to upgrade your anti-virus solution...  and take local admin rights away from your users