Shell scripts are a zero tolerance suspension reason; you're responsible for the security of your website. The TOS also indicates you're the only one whose supposed to be putting content on it, so I'm a bit confused why one of your students was even able to upload to it:
Personal accounts are to be used by the primary owner only. Personal account holders are not permitted to resell, store or give away web-hosting services of their website to other parties. Web hosting services are defined as allowing a separate, third party to host content on the owner's web site. Exceptions to this include ad banners, classified ads, and personal ads.
Forums don't count as content as far as we're concerned, but if a student is allowed to upload files, that is considered giving away hosting services. That puts you firmly responsible for the upload being possible.
Worse still is -what- was uploaded, and that it was my scanner that caught it. Mine catches it when it's ran, whereas the server catches it as it's uploaded. I'm looking right in the code for the shell script in question - it looks for the Milw0rm exploit, is designed to bypass restrictions on exec and shellexec, has a self-contained proxy, opens a backdoor on the entire server (or tries to), attempts to read other users files along with modifying them, inject code into other websites, and a slew of other EXTREMELY bad things.
In accordance with section 8 of the TOS and multiple sections of the Acceptable Use Policy, the account is currently under a permanent non-revocable suspension for the presence of a script designed to cripple the server's security. For the security of every other user on said server your account cannot be unsuspended.
Section 8 details how when the terms are violated, backups are not provided. Section 6 also states backups are your responsibility. If a student really -did- upload this shell, I would highly advise determining which one uploaded it, and take it up with them directly.