Maybe not viruses much any more, but definitely worms. (And also some automated malicious servers scattered about the Internet that pull lists of devices with certain ports open from Shodan et al, and then repeatedly attempt to attack/penetrate whatever's on those lists.)

There are several videos available on YouTube, of someone connecting a Win9x/2K/XP machine to the modern Internet, waiting just a few minutes, and then observing (through Process Explorer) the silent introduction of various payloads onto the system.

Probably not many instances of code infecting that way, as most boxes running an OS that old should be well firewalled by now so the virus type infections will have died out.

You occasionally still see probes for Win95/98 era vulnerabilities though, presumably because there are a surprising amount of systems still running those versions and the cost of a probe in case one is accidentally open to the public network. Or as an attacker if you've already got into a private subnet, finding such hosts might be worth it as an extra place to put a reverse tunnel to aid getting back in later if your main route is closed off.

> or (completely airgapped) for some industrial tool with drivers/software provided by a company that has been defunct for 25+ years.

this is a juicy enough target to justify such a virus.