No they aren't. There's tons of them. You don't need to be admin for a virus to be a problem. All the data a user cares about is owned by that user anyways. There's plenty of "haha I encrypted your files, pay me if you want to access them ever again" extortion viruses.
All the instances of these that I've seen rely on social engineering to do their thing though (we had a teacher at my school fall victim to one recently, which is moderately entertaining [when you have up to date backups] when you have a bunch of read/write network shares), as opposed to regular files/executables 'infected with a virus' which is how I generally look at viruses in the traditional sense.
Lots of viruses used social engineering since the start. The only difference now is that once run, it doesn't have admin privileges, so it is harder for it to make itself a permanent fixture on the system.
No they aren't. There's tons of them. You don't need to be admin for a virus to be a problem. All the data a user cares about is owned by that user anyways. There's plenty of "haha I encrypted your files, pay me if you want to access them ever again" extortion viruses.