Depending on how technically correct you want to be, viruses are a subset of malware, or the two words mean the same thing.
The word malware (malicious software) describes any piece of code designed to infect your computer (or mobile device) and make it do things that you don't want it to do, such as mass-mail spam or steal your banking passwords. Trojans, worms, and rootkits are all types of malware.
And so is a virus, in its most technically correct meaning. A virus is malicious code that spreads by infecting existing files, similar to the way a biological virus spreads by infecting living cells.
Once common, true computer viruses have become quite rare. Criminals have found better ways to spread malicious code.
So if viruses are rare, why do people still talk about them? And why do we still run antivirus programs?
Viruses were the dominant form of malware in the 1980s and 90s, when personal computers were first becoming common. At that time, there was no commonly used umbrella term such as malware, so people called any malicious program a virus.
And the word has stuck. Although that program you keep running in the background protects you (hopefully) from all forms of malware, it's called antivirus because that type of program has always been called antivirus.