Maybe not viruses much any more, but definitely worms. (And also some automated malicious servers scattered about the Internet that pull lists of devices with certain ports open from Shodan et al, and then repeatedly attempt to attack/penetrate whatever's on those lists.)
There are several videos available on YouTube, of someone connecting a Win9x/2K/XP machine to the modern Internet, waiting just a few minutes, and then observing (through Process Explorer) the silent introduction of various payloads onto the system.
You didn't have a router with dialup, or early DSL, where the modem was a separate device. You'd often get publicly routable IPv4s in your university dorm, too. See also napster. :-)
Probably not many instances of code infecting that way, as most boxes running an OS that old should be well firewalled by now so the virus type infections will have died out.
You occasionally still see probes for Win95/98 era vulnerabilities though, presumably because there are a surprising amount of systems still running those versions and the cost of a probe in case one is accidentally open to the public network. Or as an attacker if you've already got into a private subnet, finding such hosts might be worth it as an extra place to put a reverse tunnel to aid getting back in later if your main route is closed off.
Metasploit has options to check for these systems and, given the appropriate checkbox, will happily support old Windows systems. So often you'll find support for these system even in modern malware - a tell (amongst many others) that Metasploit was used in their creation.
There are several videos available on YouTube, of someone connecting a Win9x/2K/XP machine to the modern Internet, waiting just a few minutes, and then observing (through Process Explorer) the silent introduction of various payloads onto the system.