When asked about that by the colloquial layman, my answer is generally:
Viruses can self-execute, replicate and spread (like biological ones), while malware (laymen also refer to trojans) needs user actions and unawareness to execute.
Malware also broadly refers to software unwanted by and malicious to the user. So it includes pre-installed auto-executing OEM adware, spyware, and grayware (colloquially also known as bloat).
Interesting, so yeah, while the distinction between virus and trojan can hold, I guess that viruses enter the broad malware definition and thus the OP is right.